Read about the largest deepfake loss event yet?

Imagine receiving a video call from your CEO, asking you to urgently transfer millions to an offshore account. You'd follow those instructions, right? Well, that's exactly what happened at Arup, one of the world's top engineering firms - except it was all an elaborate deepfake scam that unfolded in early 2024.

The ￡20 Million Deepfake Heist in January 2024

In a shocking cyber attack in January 2024, an Arup employee was deceived into transferring a staggering HK$200 million (￡20 million) to criminals through an AI-generated video impersonating senior executives. This deepfake fraud exploited vulnerabilities in identity verification and authorization processes, highlighting the growing threat of sophisticated cyber attacks. Arup's global chief information officer, Rob Greig, acknowledged the company's operations face regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes, with the number and sophistication rising sharply in recent months leading up to the January incident.

A Wake-Up Call for Financial Services in 2024

This January 2024 incident serves as a wake-up call for the financial services industry to prioritize operational risk management and invest in advanced technologies and processes to combat deepfake fraud and other emerging cyber risks. Deepfakes pose a significant risk to financial institutions, as they can be used to impersonate executives, customers, or third parties, leading to unauthorized transactions, data breaches, or other operational disruptions.

Implementing robust identity verification protocols, multi-factor authentication, and employee training on recognizing deepfake attempts is crucial to safeguarding against such attacks.

Effective governance, risk culture, and collaboration between cybersecurity, fraud prevention, and operational risk teams are essential to build resilience against deepfake threats.