Deepfake Video Call: How Arup Lost £20 Million

A finance worker spotted the phishing email. The video call is what convinced him.

The short version

In January 2024 a finance worker at Arup’s Hong Kong office approved fifteen transfers worth around £20 million after joining a video call with his CFO and several colleagues. Every person on that call was an AI deepfake, built from video and audio Arup’s leaders had published openly. No Arup system was breached. The fix is boring and cheap: confirm the request on a channel the caller did not arrange.

Who was hit, and why them

Arup is a London-headquartered engineering firm with around 18,000 staff across more than 30 offices. Its portfolio is the kind that makes public reconnaissance trivial: the Sydney Opera House, the Beijing National Stadium, the Centre Pompidou. Its senior leaders speak constantly, at conferences, on webinars, on podcasts and on YouTube. They have to, because that is how the firm wins work.

The target was a finance worker in the Hong Kong branch with the authority to move large sums. He was not careless. Police described him as alert to the possibility of phishing. If your firm publishes video of its leaders and trusts a finance team to act on their instructions, you should see yourself here.

How the deepfake attack worked

The attack ran in three moves, over the course of about a week.

  1. The bait: An email posing as Arup's UK CFO asks for a confidential transaction, handled discreetly.
  2. The proof: A multi-person video call. The CFO and colleagues appear on screen. Every face is an AI deepfake.
  3. The payout: Fifteen transfers to five Hong Kong accounts. Around £20 million, gone before London is alerted.

It opened in mid-January with an email that appeared to come from Arup’s UK-based CFO. It talked about a confidential transaction that had to be handled discreetly, and it pressed for secrecy.

Flagged by the recipient as suspected phishing

Group CFO (UK)

g.cfo@arup-finance-uk.example

Mid-January, 09:14

Confidential transaction, handle directly

I need your help with a confidential matter ahead of a deal. It must stay between us for now.

Please stand by to action a series of transfers today. Discretion is essential. Do not raise this with the wider team.

I will confirm the details with you on a call shortly.

Recreation of the opening vector. No real names or addresses.

The worker did exactly what good training teaches. He treated the email as a likely phishing attempt. The attackers had counted on that, and they had built the answer to his scepticism into the next step.

He was invited to a multi-person video conference to confirm the request. On it he saw and heard his CFO and several colleagues he recognised. His doubt collapsed.

Recreation of the call. Every face but one was generated from public footage. No real faces or names.

Hong Kong police summarised the call bluntly: “everyone you see is fake”. Source: Superintendent Baron Chan, via RTHK, reported by CNN

Every face and every voice was synthetic, generated from footage Arup had published. Police said the scammers turned “publicly available video and other footage” into convincing versions of the people on the call.

Source: South China Morning Post, citing Hong Kong police

Once his scepticism was gone, he made fifteen transfers to five Hong Kong bank accounts, totalling roughly £20 million. By the time he followed up with head office in London, the money had already gone.

Why it succeeded

One thing let this work. The worker verified identity by appearance. He trusted that seeing and hearing familiar faces on a call meant the people were real, and that single assumption carried the whole loss. His scepticism about the email was correct, and it was overridden the moment the call started. The video meeting was treated as proof, and proof was exactly what the attackers manufactured.

Arup was clear afterwards that this was not a network breach.

Arup confirmed that “none of our internal systems were compromised”. Source: CNN

What was visible beforehand

Here is the part that should change how you think about your own exposure. None of this required breaking into Arup. The raw material was already public.

  • Conference talks
  • Webinars
  • YouTube case-study films
  • Podcast interviews
  • Public reporting lines

Harvested into: a convincing voice and video clone of a finance principal.

The CFO and his colleagues had appeared in conference talks, webinars, YouTube case-study films and podcast interviews. Current tools can build a voice clone from somewhere between 30 seconds and a few minutes of clean audio. The reporting line between the UK head office and Hong Kong finance was easy to infer from public information.

Arup’s own CIO, Rob Greig, later made a working deepfake of himself in about 45 minutes using free open-source software. He told the World Economic Forum the tools are “freely available to someone with very little technical skill”.

Source: World Economic Forum

This is the gap I keep pointing at. The failure was the unverified call. The tell was that everything an attacker needed was sitting in the open, weeks before the call was ever booked. The distance between those two things is the case for measuring your exposure before someone else does.

What actually stops it

Two things stop this, and the first one is almost free.

The first is independent verification. Confirm any transfer request by calling the person back on a number you already hold, not a number lifted from the meeting invite, and ask a question only the real person could answer. In July 2024 a Ferrari executive ended an attempted deepfake of his CEO by asking the impostor the title of a book the real CEO had recently recommended. The call ended in seconds, and it cost nothing.

The second works further upstream. You reduce and monitor the public audio and video that makes a convincing clone possible. You inventory how much clean footage of a principal exists, you keep watch on new long-form content, and you put a verification protocol in writing with the finance team and the bank.
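
One way to write the callback rule into a payment release gate, so that a convincing call cannot stand in for verification. This is an added example, not Arup's or Barnveil's process or code; the data model, field names, dates and phone numbers are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Request:
    requester: str            # who the message claims to be from
    received_at: datetime
    supplied_contacts: tuple  # numbers taken from the email or meeting invite

@dataclass
class Callback:
    dialled: str              # number the approver actually dialled
    placed_at: datetime
    outbound: bool            # True only if the approver initiated the call
    challenge_passed: bool    # answered a question only the real person could

def digits(number):
    """Compare numbers by digits only, so formatting cannot hide a match."""
    return "".join(ch for ch in number if ch.isdigit())

def verification_failures(req, cb, directory):
    """Reasons the callback is not independent; an empty list means release.

    directory maps requester -> (number on file, datetime it was recorded).
    """
    if cb is None:
        return ["no callback: a call the requester arranged is not verification"]
    failures = []
    dialled = digits(cb.dialled)
    on_file = directory.get(req.requester)
    if dialled in {digits(n) for n in req.supplied_contacts}:
        failures.append("dialled a number supplied in the request or invite")
    if on_file is None or digits(on_file[0]) != dialled:
        failures.append("dialled number is not the one held on file")
    elif on_file[1] >= req.received_at:
        failures.append("number on file was recorded after the request arrived")
    if not cb.outbound:
        failures.append("call was inbound, so the requester chose the channel")
    if cb.placed_at < req.received_at:
        failures.append("callback predates the request")
    if not cb.challenge_passed:
        failures.append("challenge question not answered")
    return failures

# Constructed sample data: no real people or numbers.
DIRECTORY = {"group-cfo": ("+44 20 7946 0000", datetime(2023, 6, 1))}
REQUEST = Request("group-cfo", datetime(2024, 1, 15, 9, 14), ("+852 5550 0100",))
GOOD = Callback("+44 20-7946-0000", datetime(2024, 1, 15, 9, 40), True, True)
BAD = Callback("+852 5550 0100", datetime(2024, 1, 15, 9, 40), True, True)
if __name__ == "__main__":
    print(verification_failures(REQUEST, GOOD, DIRECTORY))
    print(verification_failures(REQUEST, BAD, DIRECTORY))
```

The gate never asks whether the caller looked or sounded right; it only asks who chose the channel and when the number was put on file.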

This is what a Barnveil Digital Exposure Assessment is built to do. It maps the corpus an attacker would need, then puts a verification habit in place that survives a face you trust. The control that would have stopped Arup is the one we ship as standard. If you want to know how exposed your own leadership already is, talk to us.

The takeaway

You don’t need to be famous to be deepfaked; you need to be valuable, and you need to have been recorded.

Aaron Barnes-Wilding — Barnveil founder and privacy intelligence expert

Former intelligence analyst and licensed investigator with over a decade of experience in OSINT, counter-fraud, and digital privacy. Advises high-net-worth individuals, solicitors, and corporates on data exposure and removal strategies.