Arup Victim of Deepfake Scam, $25M Loss in Hong Kong Office

Raising alarm bells on AI transactions

Fri 07 Jun 24


The identity of the firm targeted in a deepfake video scam resulting in the loss of US $25 million has been revealed as the UK engineering collective Arup, a group of 18,500 designers and consultants that focuses on sustainable development.

The incident, which took place at the group’s Hong Kong offices, involved a message from a fake chief financial officer, followed by a video conference call that utilised digitally cloned deepflake avatars of the CFO and other executives to instruct an employee to make 15 different transfers to five Hong Kong bank accounts, totalling HK $200 million.

Police investigations into the attack are ongoing but no arrests have been made. Arup’s east Asia chai Andy Lee stepped down weeks after it occurred.

Rob Greig, Arup’s global chief information officer, told architecture publication Dezeen that Arup is “subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes,” and raises the alarm about “the increasing sophistication and evolving techniques of bad actors.”

He is not alone. WIO News reports that the Hong Kong Securities and Futures Commission (SFC) is also warning about a deepflake video scam in which an AI-generated avatar of Elon Musk promotes an illegitimate cryptocurrency trading platform called Quantum AI.

The relatively high volume of digital transactions makes Asia-Pacific ripe territory for fraudsters. Deepfake-related fraud in APAC increased by 1530% last year.

Michael Marcotte, CEO of artius.ID, is also warns about the risks that come with generative AI and deepfakes. “Governments, either through a lack of ability or will, have failed to sufficiently defend democracy against deepfakes,” he says.

Calling for a “radical shift,” Marcottre notes that “one option available for banks is to relinquish control of KYC data and use decentralised storage providers. If custody of the data remains in the hands of the individual, then banks won’t open themselves up to litigation or expose their customers to fraud.”

While banks and other financial institutions may still be dragging their feet on cybersecurity, biometrics and digital identity, verification firms are responding. Zoloz, which has offices in China, Singapore and the US, recently released an update to its biometric deepfake detection software, which features upgraded defences against evolving infiltration tactics, including AI face swapping attacks on facial recognition systems.


  • Wood Central

    Wood Central is Australia’s first and only dedicated platform covering wood-based media across all digital platforms. Our vision is to develop an integrated platform for media, events, education, and products that connect, inform, and inspire the people and organisations who work in and promote forestry, timber, and fibre.


Related Articles