Deepfake CEO Fraud: Arup’s $25M Wake-Up Call
A finance employee at the global engineering firm Arup joined a video call with five colleagues, including the company’s UK based chief financial officer. Every person on that screen except him was an AI generated fake. Over the following weeks he approved 15 wire transfers totaling HK$200 million, roughly $25 million, to bank accounts the criminals controlled. That is deepfake CEO fraud, and it stopped being a one-off curiosity the moment the FBI started tracking it as its own crime category. The real lesson from Arup has less to do with spotting a fake face on a screen and more to do with who, inside your company, is allowed to approve a transfer in the first place.
If you sit anywhere near a payment approval chain, in finance, security, or the general counsel’s office, this is the case study worth understanding properly. And the fix is cheaper, and far less exotic, than most detection vendors would like you to believe.
What Actually Happened at Arup
The attack didn’t start with a video call. It started with an email, supposedly from Arup’s UK based CFO, requesting a confidential transaction. The employee who received it suspected phishing and didn’t act on it immediately, which is exactly the instinct security teams spend years trying to train into staff.
Then came the follow up: an invitation to a video conference where the CFO and several other colleagues appeared to be present. They weren’t. Every other participant on that call had been recreated using publicly available video and audio of the real executives, including footage from internal company meetings. Convinced he was speaking with real leadership, the employee proceeded to authorize 15 separate transfers to five Hong Kong bank accounts, totaling HK$200 million.
Nobody caught it in real time. The fraud only surfaced when the employee later checked in with Arup’s head office. Hong Kong police disclosed the case publicly on February 2, 2024, with senior superintendent Baron Chan Shun-ching giving the on record account. Arup confirmed in May 2024 that it was the company involved, telling press that “fake voices and images” were used and that attacks of this kind had been rising sharply in sophistication. As of the most recent reporting available, no arrests have been announced and the funds haven’t been recovered.
“Once fraudsters start making money, they fuel their fraud components with that funding.” Matthew Miller, Principal, Cybersecurity Services, KPMG US · via CFO Dive
Miller’s point, made shortly after Arup went public, is the uncomfortable economic logic underneath all of this: deepfake fraud isn’t a novelty attack run by a handful of specialists. It’s profitable enough now to fund its own expansion.
Arup Wasn’t First, and It Won’t Be Last
The Arup case gets the headlines because of its scale and its use of live video, but it sits on a timeline that stretches back further than most coverage admits, and continues well past it.
| Date | Case | Loss | What Made It Notable |
|---|---|---|---|
| March 2019 | UK energy firm (via German parent company impersonation) | €220,000 (~$243K) | First widely documented AI voice clone CEO fraud |
| January 2024 | Arup, Hong Kong | ~$25M | First major case using a live, multi person video deepfake |
| January 2026 | Entrepreneur in canton Schwyz, Switzerland | “Several million” Swiss francs | Voice deepfake sustained across a two week call sequence |
| April 2026 | FBI IC3 2025 Annual Report | $893M (AI related fraud, all categories) | First year “AI related” tracked as a formal crime descriptor |
There’s also a quieter 2020 case, cited in academic research on deepfake detection, where a Hong Kong bank manager authorized $35 million in transfers after a deepfake phone call impersonating a company director he’d actually spoken with before. It got far less press than Arup, but it tells you the same trick worked years before anyone had a name for it.
The Swiss case in January 2026 matters for a different reason: it confirms this hasn’t tapered off since Arup made headlines. It’s also worth saying plainly what the data does not support: there’s no verified cluster of three additional named, dollar confirmed enterprise deepfake cases within 90 days of any single incident. Several vendor blogs imply otherwise with vague “more cases followed” framing that doesn’t trace back to primary reporting. Be skeptical of round, dramatic numbers in this space that don’t link to a named source.
The Numbers: How Big Is This, Really
Individual cases make for a good story. The aggregate numbers are what should actually change how your company approves money.
| Statistic | Source | Date |
|---|---|---|
| 62% of organizations hit by at least one deepfake incident in 12 months | Gartner survey of 302 security leaders | Sept. 2025 |
| $893M in AI related fraud losses reported to the FBI | FBI IC3 2025 Annual Report | Released April 2026 |
| 1,300% surge in deepfake fraud attempts at enterprise contact centers | Pindrop, analysis of 1.2B+ calls | 2024 data, June 2025 report |
| 73% human accuracy detecting AI speech deepfakes by ear | Peer reviewed listening study, NCBI/PMC | Published study |
| 87% of finance staff would process a payment if “called” by their CEO or CFO | Medius Financial Census, 1,533 respondents | June 2024 |
| $20.9B total IC3 reported cybercrime losses (AI fraud is ~4% of that) | FBI IC3 2025 Annual Report | 2025 (reported 2026) |
The 62% figure from Gartner is the single most useful “how common is this” data point in the field right now, because it comes straight from the analyst firm’s own release rather than a secondhand paraphrase.
“Employees really are on the frontline of trying to spot something unusual.” Akif Khan, Senior Director Analyst, Gartner Research
Worth flagging a number that often gets misused: the widely cited $1.1 billion figure for total US deepfake fraud losses in 2025 (a tripling from $360 million in 2024, per Surfshark’s analysis) is mostly driven by something different than what happened at Arup. Roughly 80% of that total comes from celebrity and executive impersonation investment scams spread through social platforms like Facebook, WhatsApp, and Telegram, not targeted B2B wire fraud against a single employee. Conflating the two makes for a scarier headline, but it’s the wrong comparison.
And one honesty check on scale: AI related fraud, at $893 million, is still roughly 4% of the FBI’s total $20.9 billion in 2025 cybercrime losses. The FBI itself flags this as a likely undercount, since most victims don’t identify the AI component when they file a complaint. That cuts both ways: the real number could be higher, but claiming certainty about “how big this is right now” overstates what the data actually shows.
Why You Can’t Detect Your Way Out of This
The instinct, understandably, is to fight AI with AI: buy a tool that flags synthetic voices and faces before anyone wires money. The evidence says that’s not where the real advantage sits, at least not yet.
In a controlled listening study covering both English and Mandarin speech, human listeners correctly identified AI generated speech deepfakes only 73% of the time, even after being shown examples beforehand. That’s well above the unsourced “24.5% detection rate” figure that circulates on vendor blogs without a clear citation trail (treat that number as unverified if you’ve seen it elsewhere), but 73% is still nowhere near reliable enough to bet a wire transfer on.
Automated detection isn’t meaningfully better yet. Gartner’s own newer research on deepfake heavy social engineering warns that detection remains probabilistic and that benchmarks lag behind how fast generation tools improve. In practical terms: any vendor promising a near perfect detection rate today is selling you a number that won’t hold up against next year’s model.
A more defensible architecture, one NeuralWired has covered separately in our guide to zero trust security, treats every request as unverified by default rather than trying to spot the fake in real time. That principle, “never trust, always verify,” is exactly what the next section is built on.
The Real Fix: Kill the Trust, Not the Deepfake
Here’s the uncomfortable part. The Arup fraud worked not because the deepfake was flawless, but because the company’s process let one employee’s belief, however reasonably formed, authorize a $25 million transfer.
Medius surveyed 1,533 finance professionals across the US and UK and found that 53% had already been targeted by a deepfake scam, and 43% had fallen for one. The number that should worry every CFO most: 87% admitted they would process a payment if “called” by their CEO or CFO, and 57% of finance professionals can authorize transactions independently, without a second approval.
“Scammers are creating fake audio clips of CEOs and CFOs.” Ahmed Fessi, Chief Transformation & Information Officer, Medius
Fessi’s broader point is that executives generate their own attack surface just by doing their jobs: earnings calls, conference panels, YouTube interviews, LinkedIn videos. All of it is raw material. You can’t stop a CEO from giving an earnings call. You can stop a single voice, no matter how convincing, from being sufficient authorization to move money.
A research team at the security publication DeepStrike makes the contrarian case worth sitting with: a basic rule requiring callback verification through a pre-registered phone number before any high value transfer “would have stopped the attack cold,” regardless of how perfect the deepfake was. Their broader argument pushes back on the industry’s heavy spend on detection tooling, suggesting companies stop trying to turn every employee into a forensic audio analyst and instead fix the approval workflow itself.
The minimum viable version of that fix looks like this:
- Out-of-band callback verification for any urgent, confidential, or high value transfer request, using a number pulled from an internal directory, never one given during the suspicious call itself.
- Dual authorization above a fixed dollar threshold, removing any single employee’s ability to independently move large sums, regardless of how senior the request appears to come from.
- A documented “no exceptions” policy that survives social pressure, including a fake executive expressing urgency or annoyance about the delay.
- Scenario based simulation, using mock deepfake calls rather than slide deck training, since the exploit here is authority compliance, not unfamiliarity with the concept of deepfakes.
What This Means for Your Team
For Finance and Treasury Teams
If you can independently authorize a wire transfer today, that’s the gap an attacker is counting on, not a convenience worth keeping. Push for mandatory dual sign off and a documented callback policy before your company becomes the next case study, not after.
For CISOs and Security Leaders
Annual phishing-style training has shown limited effect on deepfake susceptibility specifically, because the vulnerability is trust in authority, not unfamiliarity with the attack format. Live simulation exercises are cheap relative to a detection tool purchase, and they target the actual failure point. Also worth checking: how your cyber insurance policy classifies this. Deepfake enabled wire fraud is typically bucketed as social engineering fraud, which many standard policies exclude or cap well below data breach coverage.
For General Counsel and Compliance
Regulatory exposure is shifting. The FCC’s 2024 ruling that AI generated voices count as “artificial” under the Telephone Consumer Protection Act, the FTC’s 2024 rule banning AI impersonation of businesses, Tennessee’s ELVIS Act, and the FBI naming “AI related” as a formal crime category all point the same direction: a company that suffers a loss without a documented verification protocol will have a harder time in a regulatory or insurance dispute than one that had a tested process, even if that process failed once. Our earlier coverage of the FBI’s IC3 guidance on ransomware prevention walks through how documented controls increasingly shape post-incident outcomes, and the same logic now applies here.
The Honest Limit of Prevention
None of this eliminates the underlying problem. Callback verification, dual authorization, zero trust workflows, all of it addresses the moment of the transfer. None of it touches the first stage of these attacks: reconnaissance using an executive’s own public footage.
CEOs and CFOs can’t realistically stop giving interviews, earnings calls, or conference talks. That means the raw material for cloning a voice or a face will keep accumulating no matter how tight your internal controls get. The honest conclusion isn’t that this is solvable. It’s that companies can meaningfully cut the success rate of these attacks through process design, while accepting that the vulnerability itself, executives having public voices and faces, isn’t going away.
Frequently Asked Questions
How does deepfake CEO fraud actually work?
Attackers gather public audio and video of an executive from earnings calls, interviews, or conference talks, then generate a synthetic voice or video. They contact an employee, often through a spoofed email followed by a live or recorded video call, impersonating the executive to authorize an urgent, confidential wire transfer.
How much money did Arup lose in its deepfake scam?
A Hong Kong finance employee at Arup transferred HK$200 million, roughly $25 million, across 15 transactions in January 2024 after a video call where the CFO and several colleagues were entirely AI generated. The case was disclosed by Hong Kong police on February 2, 2024.
Can you actually detect a deepfake voice or video call?
Not reliably. A peer reviewed listening study found humans correctly identify speech deepfakes only about 73% of the time, and Gartner’s own research warns that automated detection remains probabilistic, with benchmarks that lag behind how fast deepfake generation tools improve.
How do companies protect themselves against deepfake CEO fraud?
The most effective defense is procedural, not technological: requiring independent, out-of-band verification, such as a callback to a pre-registered phone number, for any high value transfer requested by voice or video, no matter how convincing the request sounds or looks.
Does cyber insurance cover deepfake fraud?
It depends on the policy. Deepfake enabled wire fraud is typically classified as social engineering fraud, which many standard cyber insurance policies exclude or cap at lower limits than data breach coverage. Companies should review their specific social engineering and funds transfer sub-limits now.
How many organizations have experienced a deepfake attack?
62% of organizations reported experiencing at least one deepfake related incident, whether social engineering or exploitation of automated identity verification, in the prior 12 months, according to a Gartner survey of cybersecurity leaders released in September 2025.
Where This Goes Next
What Arup actually proves isn’t that AI fakes are unbeatable. It’s that most companies still let a single, well meaning employee’s judgment stand between a convincing phone call and a multi million dollar wire transfer. Fix that approval chain and the sophistication of the deepfake stops mattering nearly as much.
Three things worth watching over the next 6 to 18 months:
- H.R. 1734, the Preventing Deep Fake Scams Act, which would stand up a Treasury led task force on AI financial fraud best practices. Its progress is worth tracking as a signal of where federal policy lands.
- Cyber insurance language. Watch for insurers introducing explicit deepfake or synthetic media sub-limits, separate from general social engineering fraud coverage, as claims data accumulates.
- The FBI’s 2026 IC3 report, due in early 2027, which will be the first year-over-year comparison for the “AI related” crime category and should clarify whether $893 million was a baseline or an outlier.
The pattern so far is consistent: the technology keeps getting better, and the fraud keeps working through the same gap in approval process. That gap is the one part of this problem any company can close this quarter, without buying a single piece of detection software.
Stay Ahead of the Next Wire Fraud Headline
Get NeuralWired’s analysis on AI security threats, straight to your inbox, before they make headlines.
Subscribe to The Neural Loop