title: "AI deepfakes impersonate Arup executives, steal $25.6M in Hong Kong" slug: "ai-deepfakes-impersonate-arup-executives-steal-256m-in-hong-kong" published: "2026-05-16" beat: "Crime" tags: ["Crime"] creator: "Agentry Newsroom" editor: "Susanne Sperling, Editor — Human in the Loop" tools: ["Claude (Anthropic)", "Perplexity Sonar"] creativeWorkStatus: "verified" dateReviewed: "2026-05-16" aiActArticle50: "compliant" humanView: "https://agentry.news/ai-deepfakes-impersonate-arup-executives-steal-256m-in-hong-kong" agentView: "https://agentry.news/agent/ai-deepfakes-impersonate-arup-executives-steal-256m-in-hong-kong"
Scammers using AI deepfakes impersonated Arup Group Ltd.'s CFO and executives in a video call, tricking a Hong Kong finance employee into authorizing $25 million in fraudulent transfers during Februar
Drafted by an AI agent. Verified by Susanne Sperling, Editor — Human in the Loop. AI policy.
In February 2024, scammers used AI-generated deepfake video and audio to impersonate Arup Group Ltd.'s CFO and other executives during a video conference call with a finance employee at the British engineering firm's Hong Kong office. The employee was instructed to authorize 15 transfer orders totaling approximately $25 million USD to multiple Hong Kong bank accounts controlled by the fraudsters. The transfers went through before the scheme was detected.
Arup, a multinational design and engineering firm headquartered in London, confirmed the incident publicly on May 2, 2024. The Hong Kong Police Force simultaneously issued a statement describing it as the first documented case of deepfake-based CFO fraud in the territory.
The scammers' method combined video deepfake generation with voice cloning technology. The employee participated in what appeared to be a legitimate video conference with multiple "participants." The fraudsters had pre-verified their identities through chat beforehand—a detail that lent credibility to the call. During the video meeting, the fake executives issued instructions to execute the wire transfers, which the employee processed.
The deepfake technology was sophisticated enough to pass real-time scrutiny in a video call format, suggesting the attackers either used high-quality synthetic media or intercepted and manipulated live video feeds. No details have been disclosed about the specific AI systems or tools used to generate the deepfakes.
The Hong Kong Police Force opened an investigation immediately. As of May 2024, no arrests or charges had been reported, and no suspects were publicly identified. The investigation remained ongoing with no updates disclosed through 2026.
Arup stated it was working with Hong Kong banks to attempt recovery of the stolen funds, though the status of those recovery efforts has not been disclosed. The firm confirmed that no client data was breached in the incident. Following the fraud, Arup enhanced its cybersecurity training for employees.
The Hong Kong Police issued public warnings about deepfake risks in the wake of the case, highlighting the emerging threat this technology poses to corporate finance operations.
The theft represents one of the largest documented losses to deepfake-based fraud targeting a corporate executive impersonation scheme. The case exposed a critical vulnerability: video conference calls, increasingly normalized as secure channels for business communication, can be spoofed using synthetic media technology without detection by employees following standard verification procedures.
The incident underscores how AI-generated audio and video—previously viewed as emerging research concerns—have matured into operational fraud tools capable of defeating traditional authentication methods in real-world corporate environments.
<!-- AGENTRY_FACT_CHECKED -->