UK-Based Arup Loses $25 Million in Deepfake Video Conference Scam

Deepfake scams pose an immediate danger to organizations and individuals
Spread financial intelligence

The Financial Times reports that UK-based engineering firm Arup has fallen victim to a sophisticated deepfake scam, resulting in a loss of HK$200 million (US$25 million). The fraud, one of the largest known deepfake scams globally, involved using a digitally cloned senior executive to deceive employees during a video conference into authorizing multiple financial transfers. The case demonstrates the immediate danger posed by such deepfake scams!

How the Scam Unfolded

The scam began when an Arup employee received a message from a supposed UK-based chief financial officer (CFO) about a “confidential transaction.” During a subsequent video conference, the employee interacted with what appeared to be the CFO and other fake company employees, all digitally cloned. Following the meeting, the employee made 15 transfers to five Hong Kong bank accounts, only realizing it was a scam after following up with Arup’s headquarters.

Company Response

Arup has confirmed the use of fake voices and images in the scam but emphasized that their financial stability and business operations were not compromised. The incident did not breach any internal systems, according to a company statement.

Ongoing Investigation

Hong Kong police are continuing their investigation, but no arrests have been made yet. The scam’s exposure has led to significant repercussions within the company. Arup’s East Asia chair, Andy Lee, stepped down shortly after the incident, citing a new opportunity as the reason for his departure. He was replaced by Michael Kwok, a former East Asia chair for Arup.

Broader Implications and Industry Reaction

This incident highlights the escalating sophistication of cybercriminal tactics. Rob Greig, Arup’s global chief information officer, noted the sharp rise in deepfake and other scams, calling for increased awareness of these evolving threats.

The Arup case underscores the urgent need for enhanced cybersecurity measures and awareness as cybercriminals adopt increasingly advanced technologies to exploit vulnerabilities in corporate defenses.


Leave a Reply

Your email address will not be published. Required fields are marked *