Module 2.1 — Anchor Case: Arup HK$200M Deepfake BEC

50-minute lecture · Day 2 morning

Learning objectives

By end of this module, students can:

  1. Walk the full timeline of the Arup Hong Kong deepfake video BEC (February 2024, HK$200M / ~US$25.6M) from initial contact to discovery
  2. Name at least four other real, well-sourced deepfake-enabled fraud incidents from 2024-2026 — confirming this is a pattern, not a one-off
  3. Cite the FBI IC3 2024 and 2025 statistics on BEC and AI-related fraud losses
  4. Identify the workflow gap (out-of-band verification absence) as the durable detection point across every case in the module

The Arup case in detail

The single most-cited deepfake fraud incident in the public record is Arup, Hong Kong, February 2024. Arup is a multinational engineering consultancy headquartered in London with offices worldwide; the Hong Kong office was the victim.

The timeline (per Hong Kong Police press conference, February 2024):

  1. A finance employee at Arup’s Hong Kong office received an email purporting to be from the UK-based Chief Financial Officer requesting urgent confidential transactions
  2. The employee, suspicious, was invited to a multi-party video conference call to “verify” the request with the CFO and other senior colleagues
  3. On the video call, all other participants appeared to be Arup executives the employee recognized. Voices, faces, and mannerisms matched. In reality, every other participant was a deepfake. The employee was the only human in the call.
  4. Over the course of the call and subsequent instructions, the employee executed 15 transfers totaling HK$200 million (~US$25.6 million at the time) to accounts in Hong Kong
  5. The fraud was discovered approximately one week later when the employee mentioned the transactions to colleagues at Arup headquarters in the UK during routine work conversation — those colleagues had no knowledge of the alleged acquisition

The defining detail: Arup confirmed through HK Police that the deepfakes were sophisticated enough to fool a trained finance professional in a multi-party video call. Voice, video, and conversational behavior were all convincing in real time.

The case is frequently misstated in subsequent reporting. For the instructor’s use:


The follow-on cases (2024-2026)

The Arup case is not a one-off. The verifiable pattern across 2024-2026:

Ferrari deepfake CEO attempt — July 2024 (thwarted)

Ferrari executives received a series of WhatsApp messages purportedly from CEO Benedetto Vigna, then a phone call where a voice convincingly mimicked Vigna’s Southern Italian accent. The voice claimed to be discussing a confidential acquisition requiring an urgent currency-hedge transaction.

How it was foiled: The targeted executive asked a question only Vigna would know — the title of a specific book Vigna had recommended days earlier. Decalogue of Complexity: Acting, Learning and Adapting in the Incessant Becoming of the World by Alberto Felice De Toni. The scammer could not answer; the call ended.

Source: Reported in Bloomberg (July 26, 2024), Fortune, MIT Sloan Management Review, and Ferrari’s own public statements. The case is included in the AI Incident Database as Incident 966.

WPP CEO Mark Read attempt — May 2024 (thwarted)

WPP — the world’s largest advertising group — experienced an attempted deepfake impersonation of CEO Mark Read. Attackers established a fake WhatsApp account, then convened a Microsoft Teams video call using a voice clone of Read built from publicly available video footage. The intent was to convince a senior agency leader to set up a fake “new business” account that would be a conduit for fraudulent fund flows.

How it was foiled: The targeted leader recognized an out-of-band channel anomaly and verified the request through a separate trusted communication channel. Read confirmed in an internal memo that the attack was unsuccessful.

Source: Internal WPP memo published by The Guardian and confirmed by multiple security publications. AI Incident Database entry 983.

LastPass CEO voice deepfake — April 2024 (thwarted)

An employee at LastPass received WhatsApp messages and a voice call cloning the CEO’s voice. The voice attempted to extract sensitive information about company operations.

How it was foiled: The targeted employee recognized that the CEO would not contact them through WhatsApp at all, and reported the attempt without engaging further. LastPass disclosed the attempt publicly.

Source: LastPass security blog post, April 2024.

Hong Kong $46M deepfake romance/crypto scam syndicate — October 2024

Hong Kong Police arrested 27 individuals in October 2024 in a coordinated raid on a 4,000-square-foot industrial facility in Hung Hom that had been running a deepfake-enabled romance/crypto scam operation since October 2023. The syndicate used deepfake video and voice clones in real-time video calls to impersonate idealized romantic partners, then lured victims into fraudulent cryptocurrency investments.

Total losses: HK$360 million (approximately US$46 million) across victims in Taiwan, Singapore, India, and elsewhere in Asia.

Significance for the SOC: This is the first major operationalized criminal enterprise using deepfakes at industrial scale. The suspects were aged 21-34, mostly digital media and technology university graduates recruited specifically for their technical capability. Training manuals in English and Chinese documented the process for the new recruits.

Source: Hong Kong Police press conference October 15, 2024. Covered by CNN, South China Morning Post, Decrypt, and others.


The FBI IC3 numbers

The annual FBI Internet Crime Complaint Center reports quantify the scope:

2024 IC3 Annual Report (released March 2025):

2025 IC3 Annual Report (released early 2026):

These figures under-report AI-enabled fraud because the IC3 categorization depends on victim awareness of the AI angle. Many BEC losses are recorded as conventional BEC even when AI-generated content was involved. The $893M direct attribution is a floor, not a ceiling.

The FinCEN angle: in November 2024, FinCEN issued FIN-2024-Alert004 specifically alerting financial institutions to deepfake-enabled fraud, providing nine specific red-flag indicators, and instructing reporting institutions to tag Suspicious Activity Reports with the keyword FIN-2024-DEEPFAKEFRAUD in field 2 of the SAR.


The pattern across every case

Look at all five cases above. The thwarted attempts (Ferrari, WPP, LastPass) share a common defense: the targeted employee invoked an out-of-band verification channel the attacker did not control.

The successful attack (Arup) failed at exactly this point: there was no out-of-band verification in the workflow before the employee executed transfers totaling $25M.

This is the architectural lesson for Day 2:

Artifact detection alone is not the durable control. The workflow gap — the missing out-of-band verification — is both the cause of successful attacks and the highest-fidelity detection signal.
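To make the “workflow gap as detection signal” concrete, here is an added Python example (written for this module; it is not code from the lecture, from Arup, or from any of the organizations named above). It treats each outbound transfer as a log event and fires two rules: a transfer that was requested over a channel an impersonator can spoof (email, video call, messaging app, inbound phone) and was never confirmed through an independent channel using contact details from the corporate directory; and a burst of transfers to newly created beneficiaries inside a short window, which is the kind of rule discussion question 1 asks about. The event schema, field names, thresholds and sample transfers are all constructed assumptions for illustration.

```python
"""Workflow-gap detector for outbound payment requests (added example).

Flags (1) transfers executed without an independent out-of-band
verification and (2) bursts of transfers to new beneficiaries.
Schema, thresholds and sample data are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Channels an impersonator can spoof with a cloned voice/face or a lookalike
# account. A verification only counts if it used a channel NOT in this set.
SPOOFABLE_CHANNELS = {"email", "video_call", "whatsapp", "phone_inbound"}


@dataclass
class Transfer:
    ts: datetime
    transfer_id: str
    requested_via: str            # channel the instruction arrived on
    beneficiary: str              # destination account identifier
    new_beneficiary: bool         # first ever payment to this account
    amount: float
    verified_via: Optional[str] = None   # channel used to confirm, if any
    contact_from_directory: bool = False # contact detail came from the directory,
                                         # not from the request itself


@dataclass
class Alert:
    rule: str
    transfer_ids: List[str]
    detail: str


def missing_oob_verification(t: Transfer) -> bool:
    """True when a spoofable-channel request was not independently confirmed."""
    if t.requested_via not in SPOOFABLE_CHANNELS:
        return False  # came through an internal system, out of scope here
    if t.verified_via is None or t.verified_via in SPOOFABLE_CHANNELS:
        return True   # no verification, or verification on a spoofable channel
    # A callback to a number supplied in the request is not independent.
    return not t.contact_from_directory


def detect(transfers: Iterable[Transfer], burst_n: int = 3,
           burst_window: timedelta = timedelta(hours=4)) -> List[Alert]:
    """Run both rules over the transfers in time order."""
    alerts: List[Alert] = []
    ordered = sorted(transfers, key=lambda t: t.ts)

    # Rule 1: per-transfer check for the missing out-of-band step.
    for t in ordered:
        if missing_oob_verification(t):
            alerts.append(Alert(
                "oob_verification_missing", [t.transfer_id],
                f"{t.amount:,.0f} to {t.beneficiary} requested via "
                f"{t.requested_via} with no independent verification"))

    # Rule 2: sliding window over new-beneficiary transfers; fire once when the
    # window first reaches burst_n entries.
    window: List[Transfer] = []
    for t in ordered:
        if not t.new_beneficiary:
            continue
        window.append(t)
        window = [w for w in window if t.ts - w.ts <= burst_window]
        if len(window) == burst_n:
            alerts.append(Alert(
                "new_beneficiary_burst", [w.transfer_id for w in window],
                f"{burst_n} transfers to new beneficiaries within {burst_window}"))
    return alerts


# Constructed sample: five transfers across one afternoon (not real data).
BASE = datetime(2026, 1, 14, 13, 0)
SAMPLE = [
    Transfer(BASE, "T1", "video_call", "ACCT-A", True, 2_000_000.0),
    Transfer(BASE + timedelta(minutes=20), "T2", "email", "ACCT-B", True,
             850_000.0, verified_via="phone_callback", contact_from_directory=True),
    Transfer(BASE + timedelta(minutes=65), "T3", "email", "ACCT-C", False,
             120_000.0, verified_via="whatsapp", contact_from_directory=True),
    Transfer(BASE + timedelta(hours=2, minutes=10), "T4", "video_call", "ACCT-D",
             True, 3_100_000.0, verified_via="phone_callback",
             contact_from_directory=False),
    Transfer(BASE + timedelta(hours=3), "T5", "erp_workflow", "ACCT-B", False,
             40_000.0),
]


def run_sample() -> List[Alert]:
    """Convenience entry point used by the demo and the checks."""
    return detect(SAMPLE)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.rule}] {a.transfer_ids}: {a.detail}")
```

On the constructed sample, T1 (no verification), T3 (verified only over a messaging app) and T4 (callback to a number taken from the request) trip rule 1, while T2 (directory-sourced callback) and T5 (internal workflow) do not; T1, T2 and T4 together trip the new-beneficiary burst rule at T4, roughly two hours into the sequence. The point is that neither rule inspects audio or video at all: both key on whether the verification step the workflow should contain actually happened.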

Day 2’s remaining modules apply this principle:


Discussion questions (~10 min)

  1. Arup’s loss happened over 15 transfers across a single afternoon. What workflow-gap detection would have caught it after the first or second transfer instead of waiting for human discovery a week later?
  2. Ferrari, WPP, and LastPass were all thwarted by human judgment, not by deepfake detection technology. What does this tell us about where the detection engineer should invest first — detection technology or workflow controls?
  3. The Hong Kong romance-scam syndicate operated for over a year before disruption. The victims were retail users on dating platforms, not corporate finance teams. Does the same workflow-gap principle apply when the victim is an individual user? What does that look like at the platform layer (Tinder, Hinge, Bumble)?

Common misconceptions to call out

Misconception: “Arup was a one-off; deepfake BEC is still rare.”
Reality: FBI IC3 2025 logged ~$893M in directly attributed AI fraud losses — and that’s the floor (many cases are classified as conventional BEC).

Misconception: “If the deepfake is convincing, the employee has no defense.”
Reality: Ferrari’s executive defeated a high-quality deepfake with a single book-recommendation question. Out-of-band verification works.

Misconception: “The detection problem is the audio/video model.”
Reality: The detection problem is the workflow gap. The audio model is one signal among many.

Misconception: “FinCEN doesn’t really track this yet.”
Reality: FinCEN issued FIN-2024-Alert004 in November 2024 with specific red flags and an SAR-tagging keyword. They’ve tracked deepfake-related SARs since at least 2023.

What’s next

Module 2.2 covers synthetic audio detection — what’s actually catchable in 2026, where the state of the art sits relative to current voice-clone models, and the Python pipeline you build into your SOC.