British engineering firm Arup has confirmed it was the victim of a serious deepfake scam after one of its Hong Kong-based employees was misled into sending $25 million to fraudsters.
In a statement, Arup confirmed it was the company involved but they attempted to limit the damage to the company’s reputation, stating “Our financial stability and business operations were not affected and none of our internal systems were compromised.”
The scammers impersonated “senior officers of the company”, using fake voices and imagery, as relayed by Hong Kong police earlier this year when the hoax call duped the staff member to transfer a vast amount of money.
Police said an employee was invited onto a conference call with many others who “looked like the real people”. The unsuspecting person went on to transfer a total of HK$200 million (USD $25 million) to five local bank accounts through 15 individual transactions.
So far, no arrests have been made but the investigation is ongoing with the case classed as “obtaining property by deception”.
Audacious cyber attacks are rising in sophistication and frequency
Arup, a multinational design firm, is renowned for its involvement in world-famous landmarks such as the Sydney Opera House, where it provided structural engineering works; the Sagrada Familia in Barcelona; and the Olympic Stadium (Bird’s Nest) in Beijing. Arup employs around 18,000 across the globe.
Company chief information officer Rob Greig wanted the critical incident to sound as an alarm call for other businesses and organizations, as he revealed they had been targeted in previous cyber attacks, including deepfakes.
“Like many other businesses around the globe, our operations are subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing and deepfakes. What we have seen is that the number and sophistication of these attacks has been rising sharply in recent months,” he said.
Image credit: Ideogram