Anatomy of a Scam: The Arup Deepfake CFO Fraud
In January 2024, a finance employee at the engineering firm Arup's Hong Kong office executed 15 wire transfers totaling US$25.6 million to five bank accounts. The transfers were authorized on a video call where every other participant — the company's CFO and several colleagues — was an AI deepfake generated from publicly available meeting footage. The employee had initially flagged the phishing email that set up the call as suspicious. The video call is what defeated that judgment. The funds were never recovered.
This is the first in a series of case studies walking real incidents through our Scam Killchain, stage by stage. The Arup case is worth starting with because it is the cleanest public example of what AI uplift in social engineering actually looks like.
The objective throughout was pure financial fraud: authorize roughly HK$200 million (US$25.6M) in corporate wire transfers. No network intrusion, no malware, no data theft. The entire attack targeted a single human decision — one employee agreeing that a payment request was legitimate — and that goal shaped every stage below.
Stage 1: Recon and Target Acquisition
The attackers needed two things from reconnaissance: a victim and a cast. They identified a Hong Kong finance employee with the authority to execute payments, and the senior executives — above all the UK-based CFO — whose impersonation would carry enough weight to move money. Both halves of that research are achievable from public sources: org charts, LinkedIn, press coverage, corporate filings.
Stage 2: Resource Development
This is where the case departs from classic business email compromise. The attackers built deepfake video and cloned voices of the CFO and several colleagues, using publicly available meeting footage as training material. Executives at large firms appear in recorded webinars, earnings calls, panel talks, and internal videos that leak outward — more than enough source material for current-generation synthesis tools.
Alongside the deepfakes, they prepared a conventional bait: a spear-phishing email from the "UK CFO" describing a confidential transaction that required discretion. The email's job was not to be believed outright. Its job was to set up the call.
Stage 3: Victim Contact and Engagement
First contact was the phishing email — and it failed, in the sense that defenders usually mean. The employee suspected it. A confidential request for secret transfers from an overseas executive is exactly the pattern that security awareness training drills on, and the training worked.
Then came the group video conference. The employee joined a call populated entirely by deepfaked senior colleagues: the CFO and several other familiar faces, looking and sounding right. That manufactured social proof did what the email could not. A request that looks dubious in text feels legitimate when several recognizable people appear to confirm it in real time.
Stage 4: Persistence of Scam
The pressure on the call combined three classic levers. Authority: the request came from the CFO. Secrecy: this was a "confidential deal," which conveniently forecloses the obvious countermeasure of asking around. And peer consensus: the other participants on the call appeared to treat the transaction as routine. Each lever reinforced the others — checking with a colleague feels unnecessary when colleagues are apparently already on the call, and feels like a betrayal when the deal is supposed to be secret.
Stage 5: Fraud Event
Convinced the request was real, the employee agreed to execute the transfers himself — no credentials stolen, no systems breached. Fifteen transfers went out in a single day to five Hong Kong bank accounts controlled by the attackers. The fraud "event" here was not an exploit but an authorization: the victim's own hands on the keyboard, which is precisely what makes this class of attack so hard to interdict.
Stage 6: Monetization
From the five collection accounts the money dispersed through mule networks, moved on before it could be clawed back. None of it was recovered, and no perpetrator has been publicly identified.
What the AI actually changed
It's worth being precise about where the uplift was. The human in this story did the right thing at the point where defenses are usually aimed: he read a suspicious email and doubted it. In the pre-deepfake version of this scam, that's where the killchain breaks.
What AI changed is that the verification step itself was compromised. "Get the CFO on a video call" used to be a reasonable control — synthesizing a live, interactive video presence of a specific executive was out of reach for ordinary fraud crews. Now it's an engineering task with publicly available inputs. The deepfake call didn't bypass the employee's skepticism; it answered it, with exactly the kind of evidence he'd been trained to ask for.
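The practical consequence of this passage is that the channel carrying a payment instruction can no longer be the channel that verifies it. The Python below is an added example, not code from the original article or from Arup, showing what an out-of-band payment-release control looks like when it is written down as policy: a wire request arriving by email or video call is held until a callback to a number from the corporate directory (never one supplied by the request itself), a beneficiary-change review and a second approver have been independently recorded. Every threshold, account identifier, channel name and sample request is a constructed assumption for illustration.

```python
"""Added example (not from the original article): a payment-release control that
treats the channel carrying a wire instruction as untrusted. Thresholds, account
identifiers, channel names and the sample batch are all constructed."""
from dataclasses import dataclass


@dataclass
class WireRequest:
    request_id: str
    amount_usd: float
    beneficiary: str        # destination account identifier (constructed)
    business_date: str      # YYYY-MM-DD
    channel: str            # how the instruction reached finance
    confidential: bool = False


@dataclass
class Verification:
    request_id: str
    method: str             # control that was performed
    contact_source: str     # where the contact detail used for a callback came from


# Only the payment system of record counts as a trusted origin for an instruction.
TRUSTED_CHANNELS = {"erp_workflow"}
APPROVED_BENEFICIARIES = {"ACCT-VENDOR-001", "ACCT-PAYROLL-007"}   # constructed list
SINGLE_LIMIT_USD = 250_000
DAILY_AGGREGATE_USD = 1_000_000


def required_controls(req, batch):
    """Controls that must be independently satisfied before this wire is released."""
    controls = set()
    if req.channel not in TRUSTED_CHANNELS:
        controls.add("callback_directory_number")
    if req.beneficiary not in APPROVED_BENEFICIARIES:
        controls.add("beneficiary_change_review")
    if req.amount_usd >= SINGLE_LIMIT_USD:
        controls.add("second_approver")
    # Many small transfers in one day are evaluated on their aggregate, not one by one.
    same_day = sum(r.amount_usd for r in batch if r.business_date == req.business_date)
    if same_day >= DAILY_AGGREGATE_USD:
        controls.add("second_approver")
    if req.confidential:
        # "Confidential" is a pressure lever, never a reason to waive the callback.
        controls.add("callback_directory_number")
    return controls


def satisfied_controls(req, verifications):
    """Controls actually recorded for this request, discounting ones done over the
    attacker-reachable channel (a number taken from the invite or email)."""
    ok = set()
    for v in verifications:
        if v.request_id != req.request_id:
            continue
        if v.method == "callback_directory_number":
            if v.contact_source == "corporate_directory":
                ok.add(v.method)
        elif v.method in ("beneficiary_change_review", "second_approver"):
            ok.add(v.method)
    return ok


def evaluate_batch(batch, verifications):
    """Map request_id -> ("RELEASE", set()) or ("HOLD", {missing controls})."""
    results = {}
    for req in batch:
        missing = required_controls(req, batch) - satisfied_controls(req, verifications)
        results[req.request_id] = ("RELEASE", set()) if not missing else ("HOLD", missing)
    return results


def constructed_sample():
    """A constructed batch modelled on the pattern in the case: several same-day wires
    to unknown accounts, instructed on a call, plus one routine payment."""
    batch = [
        WireRequest("WR-1", 1_800_000, "ACCT-NEW-A", "2024-01-15", "video_call", True),
        WireRequest("WR-2", 900_000, "ACCT-NEW-B", "2024-01-15", "video_call", True),
        WireRequest("WR-3", 150_000, "ACCT-NEW-C", "2024-01-15", "email", True),
        WireRequest("WR-4", 40_000, "ACCT-VENDOR-001", "2024-01-16", "erp_workflow"),
    ]
    verifications = [
        # Callback placed to a number taken from the meeting invite: does not count.
        Verification("WR-1", "callback_directory_number", "meeting_invite"),
        # Callback placed to the directory number: counts, but other controls remain.
        Verification("WR-2", "callback_directory_number", "corporate_directory"),
    ]
    return batch, verifications


if __name__ == "__main__":
    batch, verifications = constructed_sample()
    for rid, (decision, missing) in evaluate_batch(batch, verifications).items():
        print(rid, decision, sorted(missing))
```

The design point is in satisfied_controls: a callback only discharges the control when the contact detail came from a source the requester could not have influenced, which is the property the video call in this case lacked. The aggregate rule in required_controls exists because a limit applied per transfer is defeated by splitting one payment into fifteen.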
That's the general pattern we expect from AI uplift in scams: not new stages in the killchain, but cheap, scalable defeat of the verification rituals that the old killchain trained us to rely on. For the full stage-by-stage framework this walkthrough follows, see the Scam Killchain.