In January 2024, a Hong Kong-based finance employee was targeted through “deepfake” technology, which led to his unnamed company being defrauded to the tune of HK $200M ($25.6M USD). By creating a digitally manipulated impression of the company’s CFO and key staff members, the fraudster convinced the employee to remit the money in 15 wire transfers across multiple bank accounts.

At the time, the Cyber Security and Technology and Crime Bureau in Hong Kong elected to keep anonymous the name of the targeted company, as well as the individual who was duped. But, according to the Financial Times, it is now revealed the name of the company that lost the $25 million is a global engineering company named Arup.

FT confirmed the company independently through two people familiar with the matter. Arup “notified the police about an incident of fraud in Hong Kong,” confirming “that fake voices and images were used,” the company said. Further details were not given by Arup, as the incident is still under investigation by the police, and no arrests have been made. 

Deepfake generally is a synthetic media that enables one person’s likeness to be swapped for another. The term has since expanded to include ‘synthetic media applications’ and new creations such as StyleGAN, which are ‘realistic-looking still images of people that don’t exist,’ said Henry Ajder, head of threat intelligence at deepfake detection company Deeptrace.

CFOs must remain vigilant as this fraudulent technology proliferates, alongside the potential threats of Generative AI. To date, cybercriminals focus on ransomware, business email compromise and cryptojacking, according to X-Force, IBM’s cybersecurity research team. However, as reported by Cybersecurity Dive, “the threat intelligence firm expects that when a single AI technology reaches 50% market share — or when there are no more than 3 primary AI offerings — the cybercrime ecosystem will start developing tools and attacks to go after AI.”