For K-12 & Campus

The vendor email didn't come from the vendor.

suss. catches the impersonated edtech partner, the athletics invoice that isn't, and the manufactured urgency aimed at your AP team. Inside Microsoft 365, inline, with a signed record of every call.

See the case study

The problem

The attack doesn't need a vulnerability. It needs five minutes of pressure.

Filters that block obvious phishing miss the messages that imitate the vendors you actually pay. Three patterns we see across every district:

Edtech vendor impersonation

An email that looks like Pearson or a curriculum partner, asking AP to update banking details on a 'past due' invoice. The cadence and the language match the real vendor.

Athletics invoice fraud

A request to pay an officiating service, a transportation vendor, or a tournament fee, routed to someone who has authority but not visibility into the full vendor list.

Manufactured urgency on AP

Pressure on someone in AP to move quickly: an end-of-month deadline, a superintendent CC'd by spoof, a 'we already discussed this' tone designed to short-circuit the second look.

Live in the inbox

It catches what your other tools let through.

Native Microsoft 365 integration. Every message is scored before anyone acts on it, and the verdict lands inline, signed, right where your people already work.

Message arrives

An invoice lands in the AP inbox like any other.

suss. reads it

Scored in under half a second, before anyone opens it.

Fraud is flagged

The impersonation is caught and the row is marked high risk.

A signed record is written

Plain guidance for the user, an auditable record for you.

outlook.office.com/mailsuss. protected

Payroll Team

Reminder: timesheets due Friday

9:02

Pearson Education

URGENT: updated remittance — invoice past due

now

Facilities

New badge access policy

8:15

Every call is signed, queryable, and on the record.

How it fits your district

Built for the stack you already run.

Native Microsoft 365

Sits inside Outlook / Exchange Online. No extra agent on the endpoint.

Alongside what you already run

Coexists with KnowBe4, Microsoft Defender, and Barracuda. Doesn't replace them; catches what they let through.

FERPA-aware

Designed for institutions that handle education records. (FERPA-aware, not FERPA-certified.)

US-hosted on Google Cloud

All processing in us-central1. No third-country data transfers.

60-day shadow deployment

Run alongside production with verdicts hidden from end users. Tune to your vendor and cadence before flipping it on.

Case study

A $5.9M vendor invoice fraud aimed at a major university, caught at the message.

San Diego State's AP team received a request to redirect a vendor's banking details. Read the write-up.

Read the case study ›

Trust your gut. We'll back it up.

We're partnering with a select group of institutions building real protection for the people they serve. If that's you, let's talk.

Get the Chrome extension