Case Study — University

SDSU lost $5.9M
to a fake invoice.

A fraudster impersonated a vendor and redirected a wire payment. The suss. API scores this exact attack, before anyone clicks send.

If it happened at SDSU, it can happen at any of the 23 CSU campuses. Here is what our engine saw when we reran it.

All case studies
What happened
  1. 01
    Vendor impersonation email
    A fraudster posed as a legitimate vendor and sent SDSU an invoice with updated bank account details. Display name matched the real vendor. The body looked routine.
  2. 02
    $5.9 million wire transfer
    AP staff processed the payment to the fraudulent account. No second pair of eyes caught the change. The scam was not detected until after the funds were sent.
  3. 03
    FBI recovered 90%+ of funds
    The FBI assisted with recovery. Reputational damage and operational disruption were real. No student data was breached, but the trust loss with vendors and the press coverage were not recoverable.
SourceThe Daily Aztec
What it cost
$5.9M
Wired to fraudster
Weeks
FBI recovery timeline
500K+
CSU system employees at risk
What suss. would have surfaced

A signed record, before the wire.

suss. interaction recordFlagged
Vendor Invoice Fraud Detected

This is the kind of message your people see, before they act on it. Plain guidance, not a number.

  • Do not process this payment.
  • Call the vendor at a known number — never the one in this email.
  • Verify the bank account change through your vendor management system.
  • Forward to IT security for investigation.
  • If payment was sent, contact your bank immediately to initiate a recall.
signed9c2f…e7a1· queryable record
Why this keeps happening

Why universities keep getting hit.

Large vendor ecosystems
Hundreds of active vendors means AP teams cannot personally verify every invoice change. Attackers exploit the volume.
Decentralized purchasing
Department-level procurement creates more entry points for fraudulent invoices, with no unified approval chain.
High transaction volumes
Millions in monthly payments make individual wire scrutiny impractical. Fraud hides inside normal workflow.
Public org charts
University leadership, department heads, and finance contacts are publicly listed. Perfect for social engineering.
The divergence
Without suss.
  1. Invoice arrives. It looks legitimate.
  2. AP team processes payment normally.
  3. Funds sent to fraudulent account.
  4. Discovered days or weeks later.
  5. FBI involved for recovery.
  6. $5.9M at risk, reputation damaged.
With suss.
  1. Invoice arrives, staff forwards to suss.
  2. suss. flags the pattern, inline.
  3. Plain guidance returned, signed record written.
  4. Staff calls the vendor to verify.
  5. Payment blocked before it leaves.
  6. $5.9M saved, zero downtime.

Want this catching the next one before it ships?

This is a documented incident with a public source. The next one is in someone's inbox right now. suss. is what catches it.

Read more case studies