A finance worker at Arup, a multinational engineering firm, thought he was on a routine video call with his CFO and senior leadership team. The faces looked right. The voices matched perfectly. The CFO authorized a $25 million wire transfer for what seemed like a legitimate business reason.
Every person on that call was fake. Attackers had used AI to clone the executives' faces and voices from publicly available footage, creating deepfakes so convincing that even a trained professional could not tell the difference.
This is not science fiction. This happened in early 2024, and attacks like this have only become more sophisticated since then.
AI Phishing Has Exploded in Northeast Ohio and Beyond
The numbers are staggering. AI-powered phishing attacks have increased by over 1,200% since 2023. Nearly 83% of phishing emails are now AI-generated, meaning the days of spotting scams through spelling errors and awkward phrasing are over.
For businesses in Canton, Akron, Massillon, and throughout Stark County, this represents a fundamental shift in how attacks work. Criminals no longer need to be skilled writers or social engineers. They feed your company's website, your LinkedIn profiles, and your social media posts into AI tools that generate perfectly crafted attacks tailored specifically to your business.
A manufacturing shop in Alliance might receive an email that references a real supplier, a real purchase order number, and a real employee name. A medical practice in North Canton might get a voicemail from someone who sounds exactly like their bank's fraud department. A construction company in Louisville might join a video call with what appears to be their general contractor.
Why Small and Mid-Sized Businesses Are Prime Targets
You might think your business is too small for criminals to bother with sophisticated attacks. That assumption is exactly why attackers are targeting companies like yours.
Large corporations have invested heavily in cybersecurity. They have dedicated security teams, advanced detection tools, and strict verification protocols. Attacking them takes significant effort with uncertain results.
Small and mid-sized businesses in Ohio often lack these protections. You have valuable data, access to banking systems, and the ability to authorize payments. You probably do not have a full-time security team reviewing every communication that comes through.
Criminals have figured this out. They now run high-volume campaigns targeting thousands of smaller businesses, knowing that even a small success rate generates significant returns. One successful $50,000 wire fraud pays for the AI tools and infrastructure to launch thousands more attacks.
The Verification Gap
Here is the problem most Ohio businesses face: you have no formal process for verifying that the person you are talking to is actually who they claim to be.
Think about your own operations. If your CFO called and asked you to wire money to a new vendor, would you question it? If a supplier emailed asking you to update their payment information, would you verify through a separate channel? If someone from your bank called about suspicious activity, would you hang up and call back using a number you looked up yourself?
Most businesses would not. They trust familiar voices, familiar faces, and familiar email addresses. That trust is exactly what attackers exploit.
What NHM Ohio Recommends for Local Businesses
We work with businesses throughout Northeast Ohio to implement practical verification protocols that stop these attacks without grinding operations to a halt. Here is what actually works:
Callback Verification for Financial Requests
Any request to transfer money, change payment information, or provide sensitive data requires verification through a separately initiated contact. This means hanging up and calling back using a number from your records, not a number provided in the suspicious communication.
This simple step would have stopped the Arup attack. If the finance worker had called the CFO's known number instead of trusting the video call, he would have discovered the fraud immediately.
Multi-Factor Authentication Everywhere
MFA is not just for email anymore. Every system that can support it should require it, including banking portals, accounting software, remote access tools, and cloud services. Even if attackers steal credentials through phishing, MFA creates a second barrier they cannot easily bypass.
We help Canton-area businesses implement MFA across all critical systems, choosing solutions that balance security with usability so your team actually uses them.
Security Awareness Training That Reflects 2025 Threats
Your employees are your last line of defense, but most security training is outdated. It still focuses on obvious phishing attempts that barely exist anymore.
Modern training needs to address AI-generated attacks, deepfake audio and video, and sophisticated social engineering. Your team needs to understand that a perfectly written email from a colleague might still be fake, and that verification protocols exist for good reason.
We provide ongoing security awareness programs for Ohio businesses that keep pace with evolving threats, including simulated phishing tests that measure real-world readiness.
Documented Protocols for High-Risk Actions
Every business should have written procedures for actions that could cause significant harm if compromised. Wire transfers, payment information changes, access grants, and data exports all need documented verification steps.
These protocols should be known by everyone, enforced consistently, and tested regularly. When an attacker tries to create urgency to bypass normal procedures, your team should recognize that pressure as a red flag rather than a reason to skip verification.
The Cost of Waiting
The Arup attack cost $25 million. Most Ohio businesses would not survive a loss anywhere near that scale. Even a $50,000 or $100,000 loss from wire fraud can devastate a small company's cash flow and potentially force closure.
Beyond direct financial loss, consider the time spent dealing with the aftermath. The hours working with banks and law enforcement. The damage to customer relationships if their data was involved. The distraction from actually running your business.
Prevention costs a fraction of recovery. Implementing proper verification protocols, MFA, and security awareness training is an investment that pays for itself the first time it stops an attack.
Get a Security Assessment for Your Ohio Business
NHM Ohio provides IT services and cybersecurity support for businesses throughout Stark, Summit, Tuscarawas, Carroll, and surrounding counties. We understand the specific challenges facing Northeast Ohio companies, from manufacturing operations to medical practices to professional services firms.
If you are not confident that your team could spot a sophisticated deepfake or AI-generated phishing attempt, we should talk. We offer security assessments that identify gaps in your current defenses and practical recommendations you can implement immediately.
Contact NHM Ohio today to schedule a consultation. The threats have evolved, and your defenses need to evolve with them.
NHM Ohio provides managed IT services, cybersecurity solutions, and technology support for businesses in Canton, Akron, Massillon, Alliance, and throughout Northeast Ohio. Visit nhmohio.com or call to learn how we can help protect your business from modern cyber threats.