top of page


  • Marijan Hassan - Tech Journalist

Deepfake scam costs UK engineering firm £20 million

A British engineering firm, Arup, has become the victim of a sophisticated deepfake fraud, resulting in a staggering loss of £20 million. The company confirmed the incident after an employee was tricked into authorizing a large financial transfer following a video call that appeared to be with a senior executive.

Deepfake technology uses artificial intelligence to create realistic and convincing videos that can be used to impersonate real people. In this case, the criminals used a deepfake video to mimic the voice and appearance of a high-level Arup official. The targeted employee, believing they were communicating with legitimate company leadership, authorized a transfer of HK$200 million (roughly £20 million) to an account controlled by the fraudsters.

Hong Kong police had in February reported that a worker at a then-unnamed company had been tricked into transferring vast sums by people on a hoax call “posing as senior officers of the company”.

Arup has now confirmed the report when it wrote that it, “notified the police about an incident of fraud in Hong Kong.”

“Our financial stability and business operations were not affected and none of our internal systems were compromised.” the company added.

The Arup global chief information officer, Rob Greig has said that the company has been a target of multiple unsuccessful attacks before. “Like many other businesses around the globe, our operations are subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes. What we have seen is that the number and sophistication of these attacks has been rising sharply in recent months.”

Arup is a leading consulting engineering firm famously known for providing the structural engineering for the Sydney Opera House including its distinctive concrete shells.

This incident highlights the growing threat of deepfakes in the realm of financial crime. The ability to create such realistic impersonations poses a significant challenge for businesses and individuals alike. Arup did not disclose details of the specific security protocols that were bypassed, but the incident is likely to prompt a reevaluation of internal procedures for authorizing financial transactions.

Experts warn that as deepfake technology continues to develop, these types of scams are likely to become more prevalent. Businesses are advised to implement robust security measures, including multi-factor authentication and employee training programs to educate staff on how to identify potential deepfake scams.


bottom of page