$1B+ in university fraud.
10 attacks. All caught.
Real incidents across universities and school districts — from $1.9M wire fraud to nationwide FAFSA phishing to the ShinyHunters breach of Harvard and UPenn. We ran each attack through our API. Here's what suss. saw.
Every attack, reconstructed.
California Community Colleges
“223,000+ fraudulent enrollments across 116 campuses. Synthetic identities applied for financial aid at scale. With enrollment system integration, detection multiplies.”
New Haven Public Schools
“Hackers compromised the COO's email and silently redirected 6 wire transfers. The fraud came from inside their own inbox.”
San Diego State University
“A single fraudulent invoice redirected a $5.9M wire payment. The FBI recovered most of it. The reputational damage was permanent.”
Johnson County Schools, TN
“pearson.quest instead of pearson.com. A single character in the domain cost a Tennessee school district $3.36 million.”
Southern Oregon University
“Attacker impersonated the construction contractor building the campus. Changed the bank account. The real contractor called 3 days later asking why they hadn't been paid.”
University of Southern California
“Scammers posed as Chinese police and DHS officials, threatening international students with arrest unless they wired money.”
U.S. Universities (Nationwide)
“DOE prevented $1 billion in FAFSA fraud in 2025. $90M+ was still fraudulently disbursed — including $30M to deceased individuals. Every attack starts with a phishing email.”
25 U.S. Universities (Storm-2657)
“Microsoft-tracked threat group compromised 11 accounts at 3 universities, then phished 6,000 accounts at 25 more. They changed Workday direct deposits and auto-deleted the notification emails.”
Harvard University & University of Pennsylvania
“ShinyHunters breached Alumni Affairs at both universities via voice phishing. Demanded $1M ransom from each. Both refused. 739K donor records — including wealth bands — leaked in February 2026.”
Michigan, UC Berkeley, UCLA, Stanford & Others
“Scammers impersonate deans, provosts, and department chairs. Request gift cards for 'faculty appreciation.' The most common university-targeted scam — low dollar, high volume, still active.”
How suss. catches campus fraud.
How does suss. protect universities from scams?
suss. deploys browser-level scam detection via Chrome Enterprise. It scans emails, messages, and web content in real time across 40+ scam categories — including vendor invoice fraud, BEC, FAFSA phishing, payroll redirect, government impersonation, and credential harvesting — before money is sent or credentials are entered.
What types of education scams does suss. detect?
Vendor invoice fraud, business email compromise, FAFSA verification phishing, payroll redirect attacks (like Storm-2657), executive gift card scams, government impersonation targeting international students, domain typosquatting, ghost student enrollment fraud, credential phishing, and social engineering. The system runs at 94.5% precision and 93.2% recall.
How much do scams cost universities and school districts?
The DOE prevented $1 billion in financial aid fraud in 2025 alone. The ten incidents documented here span vendor wire fraud ($1.9M-$13M per incident), payroll redirect campaigns targeting 25+ universities, and data breaches exposing 739,000+ records. FBI IC3 reports BEC cost organizations $2.77 billion in 2024, with education among the most targeted sectors. Ransomware recovery in higher ed averages $4.02 million.
Can suss. stop phishing that bypasses MFA?
Yes. In 2025, an 18-university phishing campaign bypassed multi-factor authentication using adversary-in-the-middle techniques. suss. catches these at three layers: the email scanner flags the phishing email before the click, the page analyzer detects the fake SSO portal, and form guard blocks credential submission to unregistered forms.
How long does deployment take?
Under five minutes. suss. deploys via Chrome Enterprise managed policy — one JSON config pushed to all managed browsers. No student opt-in, no IT integration, no onboarding friction. Pre-loaded with 11 trusted university SaaS vendors (Workday, Banner, Canvas, Nelnet, FAFSA.gov, and more).
Does suss. work for FAFSA and financial aid phishing?
Yes. suss. detects fake FAFSA verification emails, fraudulent studentaid.gov domains, and SSN harvesting forms. The form guard feature knows what a real FAFSA form looks like and blocks submissions to impostor forms. This is critical: DOE found $90M+ was fraudulently disbursed in 2025, including $30M+ to deceased individuals.
What about payroll and direct deposit redirect scams?
suss. catches payroll phishing at every stage. Storm-2657 ('Payroll Pirates') targeted 25 US universities via fake Workday verification emails. suss. flags the phishing email, blocks the fake Workday portal, and prevents credential entry. Pre-loaded Workday trust means legitimate HR communications are never flagged.
How do universities get started with suss.?
Book a 15-minute pilot conversation. We'll show you the threats targeting your campus and walk through deployment. Reach out at info@gotsuss.com or visit gotsuss.ai/campus. Free 30-day pilots available for qualified institutions.
Don't be the next case study.
These institutions lost a combined $1B+. Deploy suss. in under five minutes and see what's targeting your campus today.
15-minute conversation. Free 30-day pilot for qualified institutions.