Arup HK$200M deepfake video-call CFO fraud
Real-world incident · 04 Feb 2024 · Identity Deepfake (Face Swap & Talking Head)
A finance employee at engineering firm Arup's Hong Kong office paid out about HK$200M (~US$25.6M) in 15 transfers after a video conference in which the 'CFO' and every other 'colleague' on the call were AI-generated deepfakes of real staff (face and voice).
Root cause: why it happened
Nobody hacked Arup's computers. The trick was simpler and scarier: the attackers built fake versions of people the employee trusted. They collected public videos and photos of Arup's chief financial officer and some colleagues, the kind of footage anyone can find online, and used AI to recreate their faces and voices. Then they put those fakes on a live video call. The finance worker in Hong Kong saw the 'CFO' and several 'colleagues' on screen, heard them speak, and felt reassured, even though the worker had initially suspected that the message setting up the transaction was a phishing attempt. Because the worker treated 'I can see and hear my boss' as proof of identity, they followed the call's instructions and made 15 bank transfers worth about HK$200M (~US$25.6M). The fraud only came to light later, during a routine follow-up with head office. The failure was trusting a face and a voice as proof of identity, which is exactly the thing AI can now fake.
Risks this case illustrates
Risks are named in the standard OWASP / MITRE ATLAS / NIST lens.
How it unfolded
Attacker scrapes public footage of Arup executives
It starts with homework, not hacking. The fraudsters gather videos and photos of Arup's senior people (the chief financial officer and some colleagues) from the open web: conference talks, press clips, company videos. Senior staff leave a large public footprint, so there is plenty to work with. The targets never know their likeness is being collected.
Targets to impersonate on the call (recreated from public footage):
- CFO (UK-based); sources: conference keynote, media interview
- Finance colleague A; sources: corporate video, webinar
- Finance colleague B; sources: public panel recording
Goal: populate a live video conference so the Hong Kong finance employee sees a roomful of familiar, senior faces.
Note: no Arup system access required; likeness only.
Controls & guardrails: what would have stopped it
One rule breaks this entire scam: never send money just because of a video call. For any large or confidential transfer, the employee should have to hang up and call the requester back on a known, trusted number taken from the company directory (never a number supplied in the request or on the call), and a second person should have to approve the payment before anything moves. The employee even had the right instinct at first (they suspected phishing); the call talked them out of it. Training staff that faces and voices can now be faked, and that 'I saw them' is no longer proof, would have kept that instinct alive. Provenance marks or watermarks on generated video do not help, because an attacker running their own pipeline simply will not watermark the forgery; deepfake detection is at best a probabilistic triage signal, not something a HK$200M decision can rest on.
- Human-in-the-loop approval on high-risk actions
Approval fatigue turns gates into rubber stamps; gates placed after the point of no return do nothing; and approvers can be misled by a model-written summary of the action.
- Governance: risk assessment, red-teaming & incident response
Process reduces likelihood and speeds recovery but executes no technical control itself; weak follow-through makes it theatre.
- User AI-literacy & verification workflows
Relies on human diligence under time pressure; automation bias is strong and training decays. A backstop, not a guarantee.
- Runtime monitoring & anomaly detection
Detects the anomalous, not the novel-but-subtle; high false-positive rates cause alert fatigue. Always a step behind a sufficiently quiet attacker.
- Full-trace audit logging
Logging is forensic, not preventive: it explains harm after the fact. Useless if no one reviews it or if the materialised context isn't captured.
- Synthetic-media / deepfake detection
Probabilistic and in an arms race with generators; evadable (UnMarker-style perturbation, novel models) and prone to false confidence. A triage signal, not proof; high-stakes calls still need out-of-band verification.
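The callback-plus-dual-control rule above is easy to state and easy to quietly undermine, so here is what enforcing it in the payment system looks like. This is an added example, not Arup's code or any bank's: the directory of record, the approver list, the HK$1M threshold and the sample transfers are all constructed for illustration. It shows three things the prose only implies: the callback must go to the number the firm's own directory holds, never to one supplied in the request or on the call; the second approver must be an authorised person other than the one keying the payment; and the threshold applies to the running total per beneficiary, so fifteen smaller transfers to one account are gated like a single large one.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from decimal import Decimal
from typing import List, Optional, Tuple

# Constructed directory of record (hypothetical addresses and numbers). A
# fraudster can put any number in an email, a chat or on a video call; only
# this table decides where the verification call goes.
DIRECTORY = {
    "cfo@example.com": "+44 20 7000 0001",
    "controller.hk@example.com": "+852 3000 0003",
}
APPROVERS = {"controller.hk@example.com", "treasury.hk@example.com"}
THRESHOLD = Decimal("1000000")  # assumed policy: HK$1M per beneficiary per window
WINDOW = timedelta(hours=24)


@dataclass
class Transfer:
    ref: str
    initiator: str                 # employee who keyed the payment
    requester: str                 # who asked for it (the 'CFO' on the call)
    beneficiary: str               # destination account
    amount: Decimal
    submitted_at: datetime
    requester_phone: Optional[str] = None  # number given in the request; untrusted


@dataclass
class Callback:
    ref: str         # transfer this call verified
    to: str          # requester we tried to reach
    number: str      # number actually dialled
    confirmed: bool  # the real person confirmed this exact transfer


@dataclass
class Ledger:
    released: List[Tuple[str, Decimal, datetime]] = field(default_factory=list)

    def exposure(self, beneficiary: str, at: datetime) -> Decimal:
        """Amount already released to this beneficiary inside the window."""
        return sum((a for b, a, t in self.released
                    if b == beneficiary and t >= at - WINDOW), Decimal(0))


def evaluate(t: Transfer, callbacks: List[Callback], approvals: List[str],
             ledger: Ledger) -> Tuple[bool, List[str]]:
    """Return (released, reasons). Any reason holds the payment."""
    # Gate on the running total, not the single amount, so splitting a large
    # payment into many small ones does not slip under the threshold.
    if ledger.exposure(t.beneficiary, t.submitted_at) + t.amount < THRESHOLD:
        ledger.released.append((t.beneficiary, t.amount, t.submitted_at))
        return True, []

    reasons = []
    # Control 1: out-of-band callback to the directory number for the requester.
    expected = DIRECTORY.get(t.requester)
    if expected is None:
        reasons.append("requester not in directory of record")
    else:
        mine = [c for c in callbacks if c.ref == t.ref and c.to == t.requester]
        if not any(c.number == expected and c.confirmed for c in mine):
            reasons.append(f"no confirmed callback to directory number {expected}")
        if t.requester_phone != expected and any(
                c.number == t.requester_phone for c in mine):
            reasons.append("callback placed to the number the requester supplied")
    # Control 2: dual control by an authorised approver other than the initiator.
    if not any(a in APPROVERS and a != t.initiator for a in approvals):
        reasons.append("no second approver distinct from initiator")

    if reasons:
        return False, reasons
    ledger.released.append((t.beneficiary, t.amount, t.submitted_at))
    return True, []


def fraud_scenario():
    """The Arup pattern: the employee 'verifies' by calling the number the fake
    CFO gave on the call, and approves the payment alone. Must be held."""
    now = datetime(2024, 1, 15, 10, 0)
    t = Transfer("T1", "finance.hk@example.com", "cfo@example.com", "ACC-1",
                 Decimal("1500000"), now, requester_phone="+852 9999 0000")
    cb = [Callback("T1", "cfo@example.com", "+852 9999 0000", True)]
    return evaluate(t, cb, ["finance.hk@example.com"], Ledger())


def proper_scenario():
    """Same transfer with a directory callback and a distinct approver."""
    now = datetime(2024, 1, 15, 10, 0)
    t = Transfer("T1", "finance.hk@example.com", "cfo@example.com", "ACC-1",
                 Decimal("1500000"), now, requester_phone="+852 9999 0000")
    cb = [Callback("T1", "cfo@example.com", "+44 20 7000 0001", True)]
    return evaluate(t, cb, ["controller.hk@example.com"], Ledger())


def structuring_scenario(n: int = 15, each: Decimal = Decimal("100000")) -> int:
    """Fifteen HK$100k transfers to one account with no controls: how many
    clear before the cumulative gate trips? (Nine; the tenth reaches HK$1M.)"""
    ledger, start, released = Ledger(), datetime(2024, 1, 15, 10, 0), 0
    for i in range(n):
        t = Transfer(f"S{i}", "finance.hk@example.com", "cfo@example.com",
                     "ACC-2", each, start + timedelta(minutes=i))
        if evaluate(t, [], [], ledger)[0]:
            released += 1
    return released
```

The point of the design is where trust lives: the callback number comes from a table the attacker cannot write to, the approval comes from an identity the payment system authenticates rather than from a face on a screen, and the ledger remembers what has already gone out. Held payments return the list of reasons so the reviewer sees exactly which control was skipped rather than a bare rejection.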
Lessons
- Face and voice are no longer identity: cheap, one-shot deepfakes from public footage mean 'I can see and hear them' is forgeable evidence, not proof. High-value approvals must verify through a channel the attacker cannot control.
- Multi-party real-time deepfakes manufacture false consensus: impersonating the CFO and several colleagues defeats the lone-imposter heuristic and overturned the employee's correct initial phishing suspicion.
- This was social engineering, not a breach: no Arup system was compromised; the money left via a normal authorised payment path because the human authoriser was deceived. Frame the failure as overreliance, not a technical exploit.
- Put the boundary on the payment, not the pixels: an enforced out-of-band callback plus dual control on confidential or high-value transfers is what breaks the chain. A single employee acting on a video call should never be able to move ~HK$200M.
- Deepfake-pipeline controls don't protect the victim: the enrolment consent gate, output classifiers and provenance/watermarks protect the impersonated subjects or label cooperative output, but an adversarial offline pipeline honours none of them.
- Detection that comes only on routine reconciliation is too late: the out-of-band confirmation that exposed the fraud (HQ saying the transaction did not exist) is exactly the check that, done before payment, would have prevented the loss.
Sources
- Multinational loses HK$200 million to deepfake video conference scam, Hong Kong police say. Hong Kong Free Press, 5 Feb 2024. Hong Kong police disclosure: every other participant on the video call was an AI-generated deepfake of real staff; the finance worker authorised 15 transfers totalling ~HK$200M to five accounts.
- UK multinational Arup confirmed as victim of HK$200 million deepfake scam that used digital version of CFO. South China Morning Post, 16 May 2024. Arup confirmed as the victim; the deepfake recreated the UK-based CFO and colleagues from publicly available footage; the employee initially suspected phishing before the call reassured them.
- Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee. CNN Business, 16 May 2024. ~US$25.6M loss; multi-party deepfake video call; fraud discovered on routine follow-up with corporate headquarters.