A British multinational design and engineering company, Arup, was targeted in a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters. The incident was reported to Hong Kong police in January, where fake voices and images were used in the elaborate scam. Despite the financial loss, Arup reassured that their financial stability and business operations were not affected, and none of their internal systems were compromised.
The employee, a finance worker, was tricked into attending a video call with individuals posing as the chief financial officer and other staff members, using deepfake technology to create realistic fake voices and images. The worker initially suspected a phishing email from the company’s UK office, but was convinced by the realistic appearance and voices of the deepfake recreations during the video call. Subsequently, the worker sent a total of 200 million Hong Kong dollars across 15 transactions, around $25.6 million, as part of the scam.
Deepfake technology involves the creation of fake videos using artificial intelligence and has raised concerns about the potential malicious uses. Previous incidents involving deepfakes include AI-generated pornographic images of celebrities like Taylor Swift spreading on social media platforms. Arup, a top engineering consulting firm with offices worldwide, acknowledged that they are subject to various cyberattacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes. There has been a rise in the number and sophistication of these attacks in recent months.
Authorities globally are becoming increasingly concerned about the growing sophistication of deepfake technology and its potential misuse for scams and fraudulent activities. Arup’s East Asia regional chairman emphasized the need for vigilance and awareness among employees to identify different techniques used by scammers. The company’s global chief information officer highlighted the rising frequency and complexity of cyberattacks, underscoring the importance of staying informed and alert to protect against such threats. The departure of an executive from Arup after 26 years was also mentioned in the context of the evolving cybersecurity landscape.
The incident involving Arup and the deepfake scam highlights the vulnerabilities that organizations face in the digital age, with cyber threats becoming more sophisticated and challenging to detect. Companies like Arup, known for their iconic architectural projects, are not immune to such cyber risks and must continuously adapt their cybersecurity measures to combat evolving threats. The use of deepfake technology in this scam underscores the need for enhanced cybersecurity awareness and training to ensure employees are vigilant against potential fraud attempts. The incident serves as a cautionary tale for businesses to strengthen their cybersecurity protocols and remain vigilant in the face of growing cyber threats.