Arup Deepfake Scam Forensic Analysis
By Chloe Kurashima on November 7, 2025
Executive Summary
In 2024, Arup, an engineering firm based in the United Kingdom, fell victim to a deepfake attack, which led to a loss of $25 million. An employee in one of their offices in Hong Kong transferred the money after being invited to a video conference, which appeared to include many senior members, but every member was a generated video. To reduce the risk associated with deepfake technologies, organizations should implement new user training and AI detection tools.
Background
Deepfakes are Artificial Intelligence (AI)-generated images, videos, and audio that aim to mimic real life, whether people or images. While the technology has many applications in creative media, there has been a trend of its use in financial and other scams. There are two main types of models used for deepfakes: Generative Adversarial Networks (GANs) and diffusion models [6]. A GAN works by using two separate AI models: the first, the generator, creates the content using a real video or image, and the second, the discriminator, tries to detect whether the content is real or AI-generated. The two models go back and forth, training each other, to eventually create more realistic content [6]. Diffusion models, on the other hand, work by generating “noise” (random data) that is added or removed until a clear image appears. These models can be used to restore images and videos or be prompted to generate new content [6].
The scammers initially sent a phishing email to the Arup employee, who was reportedly skeptical of the interaction [1]. Phishing is a type of attack vector where an email looks legitimate but comes from a malicious source. The email, posing as Arup’s Chief Financial Officer, said that they needed to initiate a “secret transaction.” The employee was then invited to a video conference call where many known and familiar faces in the company’s hierarchy were present, but where every individual was a generated deepfake. This gave the employee the confidence that the request was legitimate and led to them sending the money [1].
In this case, the attackers successfully carried out a social engineering attack, in which an attacker gains the trust or confidence of a victim and exploits it to get what they want. The attackers started with a phishing email and built credibility for the request by giving the employee visual confidence in the people behind the decision [2]. The social engineering techniques used were leveraging authority, by making it appear that the request came from someone higher up in the company, and exploiting our trust in visuals, by providing AI-generated audio and video of known figures [1].
Impact
As a result, about $25 million was sent out to 5 bank accounts in Hong Kong [1]. The theft was not noticed until the employee who fell victim to the attack followed up with a higher-up at Arup, who had no knowledge of the meeting or transactions. As of late 2025, the investigation remains ongoing, and no new information about the attacker has been publicly released.
The Arup incident shows a current trend in the utilization of AI to commit fraud and social engineering attacks. A statement from Arup’s Chief Intelligence Officer, Rob Greig, discusses how this incident differs from how people think of traditional cyberattacks. The attackers didn’t compromise any systems or data; instead, they perpetrated a convincing social engineering attack, which experts are seeing as a concerning trend [1]. Attackers are utilizing deepfake technology, with a projected $40 billion loss due to AI fraud by 2027 [3]. Voice cloning attacks, where an AI replicates a victim’s voice, are the most common, as they are easy to create, only needing 3 seconds of audio. As the threat landscape shifts toward AI-powered attacks, organizations need to start thinking of how they can protect themselves.
Mitigation
Detecting deepfakes can be challenging, as their goal is to look or sound as realistic as possible. One strategy that companies can use to combat these attacks is to update and implement user training with a focus on identifying deepfakes. Indicators of AI-generated content to look for include inconsistencies such as facial anomalies or lip-sync issues [5]. An AI model is only as good as the training it receives, and models are not perfect: they make mistakes that can be noticed.
Organizations should train their users to identify these inconsistencies. Indicators like excessively smooth skin or inconsistent lighting can be signs of AI generation [5]. Users should also look out for audio and lip movement that do not match up. However, relying on the user alone to detect deepfakes is not a sustainable defense as deepfakes become more realistic. Instead, AI detection tools should be implemented; they work similarly to the way the discriminator in a GAN is trained to detect whether an image is real or AI-generated [4]. These tools spot inconsistencies and can utilize forensic and metadata analysis to determine the source. When dealing with large transactions, trusted channels of communication can be used instead of a phone call or email. Another practice is having more than one individual approve large transactions to help verify their legitimacy. A combination of user training, AI tools, and secure communication practices can be used to combat the threat that deepfake attacks pose.
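The multiple-approver and trusted-channel controls described above, written as a payment release check. This is an added example, not part of the original article or any Arup system; the dollar threshold, the approver count, and the channel names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values for illustration; the article does not specify any.
LARGE_TRANSFER_USD = 100_000
REQUIRED_APPROVERS = 2
# Hypothetical channel names. Email, phone, and video are excluded because
# the party who initiates contact on them controls what the recipient sees.
TRUSTED_CHANNELS = {"in_person", "payment_workflow"}


@dataclass
class TransferRequest:
    requester: str        # employee asked to send the money
    amount_usd: int
    request_channel: str  # how the instruction arrived
    # approver name -> channel over which that approver confirmed
    approvals: dict = field(default_factory=dict)


def release_decision(req: TransferRequest):
    """Return (allowed, reasons); reasons lists every failed control."""
    if req.amount_usd < LARGE_TRANSFER_USD:
        return True, []
    reasons = []
    # An approval counts only if it comes from someone other than the
    # requester and was confirmed over a trusted channel.
    valid = {name for name, channel in req.approvals.items()
             if name != req.requester and channel in TRUSTED_CHANNELS}
    if len(valid) < REQUIRED_APPROVERS:
        reasons.append(f"{len(valid)} of {REQUIRED_APPROVERS} independent approvals")
        rejected = sorted(set(req.approvals) - valid)
        if rejected:
            reasons.append("approvals not counted: " + ", ".join(rejected))
    if req.request_channel not in TRUSTED_CHANNELS and not valid:
        reasons.append(f"request via {req.request_channel}, no trusted confirmation")
    return not reasons, reasons


# Constructed sample modelled on the incident: an emailed request,
# "confirmed" only by faces on a video call.
incident = TransferRequest("employee", 25_000_000, "email",
                           {"cfo": "video_call", "director": "video_call"})
# The same request after two approvers confirm through trusted channels.
verified = TransferRequest("employee", 25_000_000, "email",
                           {"cfo": "in_person", "controller": "payment_workflow"})

if __name__ == "__main__":
    for label, req in (("incident", incident), ("verified", verified)):
        print(label, release_decision(req))
```

Under this policy the incident-shaped request is held no matter how convincing the call looked, because video-call confirmations never count toward the approval total.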
Relevance
The use of a deepfake to scam Arup out of $25 million shows that threats are evolving and that traditional methods of detection need to change. Simple user training and awareness will not be enough to detect and prevent deepfake attacks. Implementing AI tools to detect AI content is one way of mitigation, along with implementing proper protocols when dealing with large deposits and transactions. AI and deepfake attacks will continue to pose a threat as the technology continues to evolve, and organizations that fail to adapt to these changes are at risk of similar scams.
References
[1] Adaptive Team. (2025, April 23). Arup’s $25M Deepfake Loss: Anatomy of an AI-Powered Scam. Adaptive. https://www.adaptivesecurity.com/blog/arup-deepfake-scam-attack
[2] Elliot, D. (2025, February 4). ‘This happens more frequently than people realize’: Arup chief on the lessons learned from a $25m deepfake crime. World Economic Forum. https://www.weforum.org/stories/2025/02/deepfake-ai-cybercrime-arup/
[3] Khalil, M. (2025, September 8). Deepfake Statistics 2025: AI Fraud Data & Trends. DeepStrike. https://deepstrike.io/blog/deepfake-statistics-2025
[4] Lenaerts-Bergmans, B. (2025, January 16). What is a Deepfake Attack? CrowdStrike. https://www.crowdstrike.com/en-us/cybersecurity-101/social-engineering/deepfake-attack/
[5] Moore, J. (2025, August 28). How to detect deepfakes: A practical guide to spotting AI-Generated misinformation. ESET Blog. https://www.eset.com/blog/en/home-topics/cybersecurity-protection/how-to-detect-deepfakes/
[6] Swatton, P., & Leblanc, M. (2024, June 4). What are deepfakes and how can we detect them? The Alan Turing Institute. https://www.turing.ac.uk/blog/what-are-deepfakes-and-how-can-we-detect-them