Case studies

10 incidents, all sourced. This is what the message looks like.

Real fraud at universities, school districts, and financial-aid programs. Each case is reported, cited, and linked to the original write-up. We map the pattern, not the institution.

Incidents documented

Aggregate loss / exposure

$1B+

Sectors covered

K-12 · Higher Ed

Community college system

California Community Colleges

Ghost-student enrollment fraud · $13M

223,000+ fraudulent enrollments across 116 campuses. Synthetic identities applied for financial aid at scale.

Source · CA Chancellor's OfficeRead ›

K-12

New Haven Public Schools

Business email compromise · $6M

Attackers compromised the COO's email and silently redirected six wire transfers. The fraud came from inside their own inbox.

Source · New Haven IndependentRead ›

University

San Diego State University

Vendor invoice fraud · $5.9M

A single fraudulent invoice redirected a $5.9M wire payment. The FBI recovered most of it. The reputational damage was permanent.

Source · The Daily AztecRead ›

K-12

Johnson County Schools, TN

Vendor domain typosquat · $3.36M

pearson.quest instead of pearson.com. A single character in the domain cost a Tennessee school district $3.36 million.

Source · Johnson City PressRead ›

UniversityNew

Southern Oregon University

Vendor payment redirect · $1.9M

An attacker impersonated the construction contractor building the campus, changed the bank account, and waited. The real contractor called three days later asking why they hadn't been paid.

Source · The Siskiyou / TripwireRead ›

University

University of Southern California

Government impersonation · $1.6M

Scammers posed as Chinese police and DHS officials, threatening international students with arrest unless they wired money.

Source · USC Dept. of Public SafetyRead ›

Financial aidNew

U.S. universities, nationwide

FAFSA verification phishing · $1B+

DOE prevented $1 billion in FAFSA fraud in 2025. $90M+ was still fraudulently disbursed, including $30M to deceased individuals. Every attack starts with a phishing email.

Source · U.S. Department of EducationRead ›

Multi-university campaignNew

25 U.S. universities (Storm-2657)

Payroll redirect phishing · Undisclosed

A Microsoft-tracked threat group compromised 11 accounts at 3 universities, then phished 6,000 accounts at 25 more. They changed Workday direct deposits and auto-deleted the notification emails.

Source · Microsoft Security BlogRead ›

Ivy LeagueNew

Harvard University & UPenn

Voice phishing & data breach · 739K records

ShinyHunters breached Alumni Affairs at both universities via voice phishing. Demanded $1M ransom each. Both refused. 739K donor records, including wealth bands, leaked in February 2026.

Source · TechCrunchRead ›

Multi-university, ongoingNew

Michigan, Berkeley, UCLA, Stanford & others

Executive gift-card scam · $1K-$5K / incident

Scammers impersonate deans, provosts, and department chairs. They request gift cards for 'faculty appreciation.' Low dollar, high volume, still active across campuses.

Source · University of Michigan Safe ComputingRead ›

Questions we get

The procurement short list.

How does suss. protect universities from scams?

suss. deploys at the inbox and the browser. It flags vendor email compromise, FAFSA phishing, payroll redirect, government impersonation, and credential harvesting before anyone acts on them. Every flagged interaction lands as a signed record your team can audit.

What types of education scams does suss. cover?

Vendor invoice fraud, business email compromise, FAFSA verification phishing, payroll redirect attacks (like Storm-2657), executive gift-card scams, government impersonation targeting international students, domain typosquatting, ghost-student enrollment fraud, and credential phishing.

How much do scams cost universities and school districts?

DOE prevented $1 billion in financial aid fraud in 2025 alone. The ten incidents documented here range from $1.9M to $13M per case, plus payroll campaigns hitting 25+ universities and data breaches exposing 739,000+ records. FBI IC3 reports BEC cost organizations $2.77 billion in 2024, with education among the most-targeted sectors.

Can suss. stop phishing that bypasses MFA?

Yes. The phishing campaigns that have moved past MFA in the last year rely on adversary-in-the-middle pages that look like the real SSO portal. suss. flags the email and the page before credentials are submitted.

How long does deployment take?

Under a week for inbox coverage, and managed-browser rollouts deploy via a single Chrome Enterprise policy. We typically run 30 to 60 days in shadow mode first so the verdicts your people eventually see fit the way your institution actually runs.

Does suss. work for FAFSA and financial aid phishing?

Yes. suss. catches fake FAFSA verification emails, impostor studentaid.gov domains, and SSN-harvesting forms before submission. With $90M+ fraudulently disbursed in 2025 (including $30M to deceased individuals), the public-facing financial-aid funnel is one of the highest-stakes surfaces in higher ed.

What about payroll and direct-deposit redirect scams?

Storm-2657 ('Payroll Pirates') targeted 25 US universities via fake Workday verification emails. suss. flags the phishing email and the impostor portal before credentials change hands. Legitimate HR communications remain untouched.

How do universities get started with suss.?

Book a 15-minute demo. We'll show you the threats targeting your campus and walk through deployment. Reach out at info@gotsuss.com or book directly. 30-day pilots available for qualified institutions.

Want this catching the next one before it ships?

These are public, documented incidents. The next one is in someone's inbox right now. suss. is what catches it.

Read the K-12 page