Your email gateway
wasn't built
for this.
72% of student fraud starts outside email — in DMs, marketplace listings, fake job boards, and texts. suss. is browser-level protection that covers the surfaces your existing stack can't see. Deploys campus-wide in under 5 minutes.
Works with your existing infrastructure
Real scams.
Real interceptions.
These are actual attack patterns from our campus threat library. Every one passes traditional email security. None pass suss.
Legitimate FAFSA communications come from studentaid.gov, never a .com domain. Real financial aid offices don't threaten suspension via email.
What Monday
looks like.
Push one Chrome policy. Done.
One JSON config via Google Admin Console, Intune, or Jamf. No packages to build. No agents to install. No firewall rules. The extension deploys silently to every managed browser in your org.
Nothing. They don't do anything.
No app to install. No account to create. No training to complete. Protection is ambient — invisible when safe, clear and educational when risk is real. Students only see suss. when it matters.
A dashboard from day one.
Real-time threat analytics. Weekly threat briefs you can forward to the provost. Incident numbers for your board report. Proof that your campus is proactively protected — not just reactive.
Built for
procurement.
We know this has to pass your security review before anything else matters.
FERPA compliant
No student PII is stored. All scanning happens via ephemeral API calls. Text is scored and discarded.
SOC 2 Type II
Certification in progress. Security controls documented and auditable. Timeline available on request.
HECVAT ready
Pre-filled HECVAT Lite available for download. Designed for higher ed procurement from day one.
US-hosted infrastructure
All processing on Google Cloud (us-central1). No third-country transfers. No data retention.
Purpose-built
for higher ed.
Detection tuned for the threats students, faculty, and staff actually encounter — not generic consumer fraud patterns.
FAFSA & scholarship phishing
Fake portals, SSN harvest, aid diversion
Vendor invoice fraud (BEC)
Wire redirect, bank detail change, CEO impersonation
Fake internship & job postings
Task scams, money mule recruitment, advance fee
Housing deposit fraud
Fake listings, wire-before-viewing, ghost landlords
.edu credential phishing
Fake SSO portals, LMS vendor impersonation
Social engineering via DMs
Instagram, Discord, WhatsApp impersonation
Grant & research fund theft
NSF/NIH impersonation, PI credential phishing
Sextortion & blackmail
Photo threats, escalating payment demands
Attacks we've
analyzed.
SDSU: $5.9M vendor invoice fraud
A single BEC email redirected a $5.9M construction payment. suss. detected it at 94% confidence with 6 signals in under 200ms. The FBI recovered most of it. The reputational damage was permanent.
Read the analysisNew Haven Schools: $6M from a compromised inbox
Hackers compromised the COO's email and silently redirected 6 wire transfers. The fraud came from inside their own inbox. Traditional email security saw nothing wrong.
Read the analysisWe don't ask you to trust projections.
Start a 30-day pilot on one cohort. We'll show you exactly what we caught. You decide if it's worth scaling.
per student per year
for the 30-day pilot
to deploy campus-wide
For context: the average university spends 12 hours per phishing incident on response, investigation, and communication. At 15 incidents per month, that's 180 hours of staff time. A single BEC wire fraud averages $1.9M in losses in higher education.
Before you
ask.
Those tools are excellent at catching malicious attachments and known bad URLs. suss. catches the 72% of fraud that starts as pure text — BEC wire requests, social engineering in DMs, fake job postings, marketplace scams. We're the layer that covers what email gateways structurally can't see.
Chrome Enterprise managed install means students can't remove it. But more importantly, suss. is invisible when things are safe — students don't know it's running until it catches something real. In pilot cohorts, the top feedback is "I didn't know I had this until it saved me."
Safe Browsing blocks known malicious URLs from a blocklist. suss. reads the actual content — the text of the scam message, the context of a DM, the patterns in a fake job posting. A BEC email with zero links and zero attachments sails through Safe Browsing. suss. catches it at 94% confidence.
100% detection on our 75-case segment evaluation with 0% false positives. When we're uncertain, we educate rather than block — students see an advisory, not a wall. This is tuned specifically to avoid generating help desk tickets.
Yes. No student PII is stored. All scanning happens via ephemeral API calls — text is scored and discarded. We don't log message content. SOC 2 Type II certification is in progress. All infrastructure is US-hosted on Google Cloud (us-central1).
30 days, one cohort (we recommend a dorm or specific department). You push one Chrome policy. We give you a dashboard. At the end, you get a report showing exactly what we caught. No cost, no commitment, no procurement paperwork.
The CISO's Guide to Campus Scam Protection
6 attack types hitting universities right now. What your email gateway misses. 5-minute deployment walkthrough. ROI data for your budget request.
Read the guideSee what we catch
that your stack
doesn't.
30-day pilot. One cohort. Zero cost. You get a report showing exactly what suss. intercepted on your campus. We'll let the data make the case.
Or reach us directly at campus@gotsuss.com