Case Study — Financial Aid

$1 billion in FAFSA fraud.
It starts with one email.

The Department of Education prevented $1B in FAFSA fraud in 2025. $90M+ was still disbursed. $30M+ of that went to deceased individuals. Every attack begins with a phishing email that looks exactly like this one.

"Your FAFSA has been flagged for verification" — one of the most effective phishing templates targeting college students. Here is how suss. stops it at three separate layers.

What happened
  1. Mass phishing targeting students
     Fake "your FAFSA has been flagged for verification" emails went to students at hundreds of universities. Links led to convincing fake studentaid.gov portals requesting SSN, date of birth, and FSA ID credentials.
  2. $90M+ fraudulently disbursed
     DOE flagged 150K suspicious FAFSA submissions and prevented $1B. But $90M still got through the cracks, including $30M paid out in the names of deceased individuals.
  3. Stolen identities used for years
     Once attackers have a student's SSN and FSA ID, they can file fraudulent FAFSA applications for multiple years. The student may not discover the fraud until they file their own legitimate application.
What it cost
  • $1B: Fraud prevented by DOE in 2025
  • $90M+: Still fraudulently disbursed
  • 150K: Suspicious submissions flagged
What suss. would have surfaced

A signed record, before the wire.

suss. interaction record: Flagged
FAFSA Phishing Attempt Detected

This is the kind of message your people see, before they act on it. Plain guidance, not a number.

  • Never enter your SSN via an email link.
  • Navigate to studentaid.gov directly by typing it in your browser.
  • Contact your university financial aid office to verify any FAFSA requests.
  • Report this phishing email to your university IT security team.
  • Check if your FSA ID has been compromised at studentaid.gov.
signed 9c2f…e7a1 · queryable record
Why this keeps happening

Why FAFSA phishing works on students.

First-time filers
Freshmen do not know what legitimate FAFSA communication looks like. A verification email feels perfectly normal when you have never received one before.
SSN is the skeleton key
One stolen SSN enables years of fraudulent FAFSA applications, tax fraud, and identity theft. The damage compounds over a lifetime.
Financial pressure creates urgency
Students terrified of losing aid are more likely to act quickly without questioning legitimacy. The script weaponizes their fear.
Scattered institutional response
Each university handles FAFSA phishing differently. Some warn proactively. Many find out about the campaigns only after students are already victims.
The divergence
Without suss.
  1. "FAFSA flagged for verification" email arrives.
  2. Stressed student clicks the link immediately.
  3. Fake studentaid.gov page looks convincing.
  4. Student enters SSN, DOB, and FSA ID.
  5. Attacker files fraudulent FAFSA applications.
  6. Student discovers the fraud months later when the real FAFSA is rejected.
With suss.
  1. Email scanner flags FAFSA phishing in Gmail.
  2. Warning badge appears: FAFSA Phishing Detected.
  3. If clicked, suss. flags the fake government domain.
  4. Form guard blocks SSN submission on an unregistered site.
  5. Student contacts financial aid office to verify.
  6. Identity protected. Financial aid intact.
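
Steps 3 and 4 of the list above, sketched as an added example; this is not suss. code. It assumes studentaid.gov is the only legitimate destination for FAFSA credentials, and every function name here is hypothetical.

```javascript
// Added example: a constructed origin + form check, not suss. product code.
// Assumption: only studentaid.gov and its subdomains may receive an SSN.
const TRUSTED_SUFFIX = "studentaid.gov";

// True only for studentaid.gov itself or a real subdomain of it, over HTTPS.
// A suffix match on the parsed hostname rejects lookalikes that merely
// contain the string, such as "studentaid.gov.<attacker domain>".
function isTrustedFafsaOrigin(pageUrl) {
  let url;
  try { url = new URL(pageUrl); } catch { return false; }
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return host === TRUSTED_SUFFIX || host.endsWith("." + TRUSTED_SUFFIX);
}

// True when a field value has the shape of an issuable SSN.
// Areas 000, 666 and 9xx, group 00 and serial 0000 are never issued,
// so rejecting them cuts false positives on other nine-digit numbers.
function looksLikeSsn(value) {
  const m = /^(\d{3})[- ]?(\d{2})[- ]?(\d{4})$/.exec(String(value).trim());
  if (!m) return false;
  const [, area, group, serial] = m;
  if (area === "000" || area === "666" || area[0] === "9") return false;
  return group !== "00" && serial !== "0000";
}

// Decide on a pending form submission. Returns the action and the names
// of the fields that triggered a block (never the values themselves).
function guardSubmission(pageUrl, fields) {
  const sensitive = Object.entries(fields)
    .filter(([, v]) => looksLikeSsn(v))
    .map(([name]) => name);
  if (sensitive.length === 0 || isTrustedFafsaOrigin(pageUrl)) {
    return { action: "allow", fields: [] };
  }
  return { action: "block", fields: sensitive };
}
```

The guard reports field names only, so a record of the blocked attempt never has to store the SSN it protected.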

Want this catching the next one before it ships?

This is a documented incident with a public source. The next one is in someone's inbox right now. suss. is what catches it.