Case Study

SDSU lost $5.9M to a fake invoice.

A fraudster impersonated a vendor and redirected a wire payment. suss. would have flagged it at 94% risk before anyone clicked send.

If it happened at SDSU, it can happen at any of the 23 CSU campuses. Here's how a free 30-day pilot would have stopped it.

What happened

Vendor impersonation email
A fraudster posed as a legitimate business vendor and sent SDSU an invoice with updated bank account details.
$5.9 million wire transfer
University staff processed the payment to the fraudulent bank account. The scam wasn't detected until after the funds were sent.
FBI recovered 90%+ of funds
The FBI assisted with recovery, but the reputational damage and operational disruption were significant. No student data was breached.

Source: The Daily Aztec

How suss. would have caught it

We ran a reconstructed version of this scam through our API. Here's what fired.

94% High Risk: Vendor Invoice Fraud Detected

6 threat indicators fired

  • 90%: Vendor bank account change request (invoice_bank_change)
  • 85%: New vendor with urgent first payment (new_vendor_rush)
  • 85%: Sender domain impersonating known vendor (vendor_domain_typosquat)
  • 80%: Wire transfer instructions sent via email (wire_instruction_email)
  • 75%: Urgency pressure with late payment penalty (rush_payment_penalty)
  • 70%: Vendor contact person changed (vendor_contact_change)

Recommended actions

  1. DO NOT process this payment
  2. Call the vendor using a known phone number — not one from this email
  3. Verify the bank account change through your vendor management system
  4. Forward to IT security for investigation
  5. If payment was sent, contact your bank immediately to initiate a recall

The cost of no protection

  • $5.9M: Funds sent to fraudster
  • Weeks: FBI recovery timeline
  • 500K+: CSU system employees at risk

Why universities are prime targets

Large vendor ecosystems
Hundreds of active vendors means AP teams can't personally verify every invoice change.
Decentralized purchasing
Department-level procurement creates more entry points for fraudulent invoices.
High transaction volumes
Millions in monthly payments make individual wire scrutiny impractical.
Public org charts
University leadership, department heads, and finance contacts are publicly listed — perfect for social engineering.

How the pilot works

  1. Submit suspicious emails
     Forward any suspicious invoice, payment request, or vendor email for instant analysis. Zero IT integration required.
  2. AI scans in seconds
     Purpose-built BEC detection analyzes the email across multiple threat categories including impersonation, fraud patterns, and social engineering tactics.
  3. Verdict delivered via email
     The sender receives a risk score, threat classification, and specific recommended actions within seconds — before any payment is processed.
  4. Dashboard tracks everything
     IT security gets a real-time dashboard showing scan volume, threat categories, and ROI metrics for the pilot period.

Purpose-built BEC detection

Invoice & Vendor Fraud

Detects fraudulent payment changes, suspicious vendor requests, and invoice manipulation patterns.

Executive Impersonation

Identifies spoofed executive communications, urgency-based payment requests, and social engineering tactics.

Email Authenticity

Analyzes sender legitimacy, domain reputation, and communication anomalies to verify email provenance.

Wire & Payroll Diversion

Flags suspicious payment routing changes, new beneficiary requests, and unauthorized payroll modifications.

With suss. vs. without

Without suss.

  • Invoice arrives, looks legitimate
  • AP team processes payment normally
  • Funds sent to fraudulent account
  • Discovered days or weeks later
  • FBI involved for recovery
  • $5.9M at risk, reputation damaged

With suss.

  • Invoice arrives, staff BCCs to suss.
  • AI detects 6 BEC indicators in seconds
  • 94% HIGH RISK verdict returned
  • Staff verifies via phone — confirms fraud
  • Payment blocked before it leaves
  • $5.9M saved, zero downtime

Start a free 30-day pilot

Zero IT integration required. Submit suspicious emails, get instant AI verdicts. See exactly what threats are hitting your university.

Built for the CSU system — 23 campuses, 500K+ employees, one shared threat surface.

Free for qualified universities and government institutions

  • 367 scam signals
  • 28 BEC-specific
  • 94.5% precision
  • 93.2% recall