AI Phishing Scams Jumped 14x: How to Spot Smishing, QR…
The 2024 Arup deepfake incident highlights the rising danger of AI-driven corporate fraud where synthetic video and audio are used to bypass verification.
- Incident date
- Jul 2026
- Target
- Arup
What happened
In 2024, a finance employee at the engineering firm Arup was targeted in a sophisticated corporate scam that resulted in a $25 million loss. The employee initially received a request that raised suspicions of a phishing attempt, but the attackers escalated the fraud by initiating a video conference. During the call, the employee interacted with deepfaked versions of the company’s CFO and several other colleagues. These synthetic personas were reconstructed using video footage of real staff members taken from previous online meetings. The live-seeming nature of the video call and the ability to hear and see familiar voices and faces effectively erased the employee's initial concerns regarding the legitimacy of the request. Believing they were interacting with authentic leadership, the employee proceeded to wire $25 million across multiple transactions. The funds were not recovered. This incident demonstrates how AI-enabled voice cloning and video synthesis can be used to exploit corporate trust hierarchies, effectively overriding the skepticism that might otherwise prevent a standard phishing attack.