On a morning in January 2024, a finance employee at Arup, the British engineering firm, joined a video conference. Her CFO was on the call. So were several senior colleagues. The meeting concerned a confidential transaction requiring immediate wire transfers. Everyone looked right. Everyone sounded right. She executed 15 transactions to five Hong Kong bank accounts totalling HK$200 million — approximately $25.6 million. None of the participants were real. The CFO, the colleagues, the urgency: all of it was synthetic, constructed from publicly available video footage harvested from YouTube, conference recordings, and corporate webinars.

The employee had initially been suspicious of a phishing email that preceded the call. The video conference resolved her doubt. That is the precise function the deepfake served — not as the primary social engineering mechanism, but as the override for the scepticism that good security training had produced. The fraud did not succeed despite her caution. It succeeded because of it. The call was designed to answer the question a careful person asks before transferring $25 million.

No arrests have been made. The funds have not been recovered. Arup, to its credit, disclosed the incident — which is not the norm. Most organisations that lose money to synthetic media fraud do not announce it publicly. The Regula survey of 2024 found that 92% of businesses reported experiencing financial loss due to a deepfake, and that the average cost per incident was approximately $450,000. Twenty-eight per cent of respondents reported losses exceeding $500,000. These figures emerge from organisations willing to participate in a survey about an embarrassing failure; the actual distribution is likely worse.

The volume of attempts has grown in parallel with the losses. Entrust's 2024 data indicated one deepfake identity attack occurring every five minutes globally. Voice phishing attacks — a lower-cost variant using audio deepfakes alone — increased 442% between the first and second halves of 2024, according to CrowdStrike's 2025 Threat Report.

The Production Cost Problem

The Arup attack required assembling video deepfakes of multiple named individuals for a live video conference. In 2021, that capability would have been operationally difficult and expensive. By January 2024, it was within the reach of a competent criminal team with access to commercial AI tools and sufficient source footage. The public-facing digital output of a modern C-suite provides that source footage in abundance — earnings calls, investor days, conference panels, media appearances, LinkedIn video posts.

The capability gap between defender and attacker has narrowed in a specific direction. Detection tools exist; some are reasonably effective against known generation methods. But the generation tools update faster than the detection tools, and the marginal cost of production continues to fall. Signicat's 2025 research tracked a 2,137% increase in deepfake fraud attempts over three years — a figure that reflects not a sudden spike but a steady compounding as the barrier to entry fell year by year.

Ferrari's near-miss in July 2024 illustrates what the human detection threshold looks like when it functions correctly. A scammer using WhatsApp called a Ferrari executive with an AI voice clone of CEO Benedetto Vigna, constructing a cover story around an urgent and confidential acquisition. The executive grew suspicious — not because the voice was detectably synthetic, but because the channel was unusual. He asked the caller to name a book the real CEO had recommended days earlier. The impersonator could not answer and terminated the call. Ferrari lost nothing. The defence had nothing to do with technology. It was an out-of-band verification question that the attacker could not have prepared for.

WPP and the Pattern of Escalation

In May 2024, attackers targeted WPP CEO Mark Read using a combination of a fake WhatsApp account, a cloned audio track constructed from YouTube footage, and a spoofed Microsoft Teams meeting. The setup was more elaborate than a simple phone call: the attackers created a synthetic version of Read's voice, played it through the Teams session while managing the chat off-camera, and used this combined construction to approach a WPP agency leader about establishing a new business. The ultimate goal appeared to be a financial transfer or credential compromise. Alert staff identified the fraud; no loss was incurred.

The WPP attempt illustrates the layered architecture of well-resourced deepfake attacks. Audio alone can be defeated by an alert target who notices unusual phrasing or cadence. Video plus audio, delivered through a familiar platform with a pre-established cover story, requires the target to identify the fraud within the logic of the deception itself — which is far harder. LastPass documented a similar attempt in April 2024, in which an employee received calls, texts, and WhatsApp voicemails featuring an audio deepfake of CEO Karim Toubba. The employee identified the fraud by recognising that WhatsApp was not a standard communication channel at LastPass. LastPass disclosed the incident publicly; the willingness to do so, and the precision of the disclosure, provided useful operational intelligence to the industry.

The video call did not fabricate trust. It exploited trust that the organisation had already built — in faces, in voices, in the familiar grammar of a scheduled meeting.

The FinCEN Signal

In November 2024, the US Financial Crimes Enforcement Network issued a formal alert documenting GenAI-enabled social engineering against financial institutions. The FinCEN alert identified deepfake-assisted business email compromise, romance scams, and KYC bypass as priority typologies. Its significance is procedural as much as substantive: FinCEN alerts carry regulatory weight. Financial institutions that have not established documented controls for synthetic media fraud are now operating in a gap that examiners will eventually reach.

The KYC bypass category deserves particular attention. Deepfake fraud attempts now represent approximately 40% of all video biometric fraud attempts globally, per Entrust's 2024 data. Financial institutions that onboard customers through video identity verification — a process adopted broadly during and after the pandemic — face the specific risk of synthetic identity attacks that place fraudulent accounts inside their compliance infrastructure from day one. The account opened with a deepfake passes initial KYC. Everything that follows is the attacker's operational activity inside a legitimised structure.

Corporate attacks — CEO impersonation for unauthorised transactions — account for approximately 25% of tracked deepfake fraud losses, per Surfshark's research, against a global total of $2.19 billion in tracked losses. That figure is a floor, not a ceiling. It reflects incidents that were identified as deepfake-related, reported, and attributed. The full population of losses almost certainly extends beyond what has been characterised as such.

Field note — The effective defence against executive impersonation is not technical detection — it is procedural verification that operates independently of the communication channel. Inteliora recommends that clients establish pre-agreed out-of-band verification protocols for any request involving financial transfers or credential changes above a defined threshold: a shared code phrase, a callback to a known number, or a physical confirmation where possible. Finance teams and executive assistants are the primary attack surface; their training should treat video calls as a channel that must be verified, not one that is trusted by default. For high-risk executives, consider limiting the volume of publicly accessible video footage and rehearsing the specific scenario — "you receive an urgent call from a voice that sounds exactly like the CEO" — before it occurs rather than after.
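
The field note's control can be expressed as a payment-release gate. The sketch below is an added example, not Inteliora's or any named organisation's code. The threshold, the directory entry, the class and function names, and the sample transfers are all constructed. As a design choice of this example, it sums every transfer made under one instruction, so a series of smaller payments is judged as a whole.

```python
from collections import defaultdict
from dataclasses import dataclass

THRESHOLD = 100_000  # assumed policy threshold per instruction
# Constructed directory, maintained independently of any incoming request.
DIRECTORY = {"cfo": "+00 0000 0001"}
# The pre-agreed out-of-band methods named in the field note.
ACCEPTED = {"callback", "code_phrase", "in_person"}

@dataclass(frozen=True)
class Transfer:
    instruction: str      # groups every transfer made under one request
    claimed_sender: str   # who the request claims to come from
    amount: int

@dataclass(frozen=True)
class Check:
    instruction: str
    method: str           # how the verifier confirmed the request
    number_dialled: str = ""

def check_is_valid(check, claimed_sender):
    if check.method not in ACCEPTED:
        # e.g. "video_call": recognising a face or a voice is not verification
        return False
    if check.method == "callback":
        # The number must come from the directory, never from the request.
        return check.number_dialled == DIRECTORY.get(claimed_sender)
    # code_phrase / in_person: this sketch trusts the verifier's record
    return True

def decide(transfers, checks):
    totals, sender = defaultdict(int), {}
    for t in transfers:
        totals[t.instruction] += t.amount
        sender[t.instruction] = t.claimed_sender
    result = {}
    for inst, total in totals.items():
        if total < THRESHOLD:
            result[inst] = "release"
            continue
        ok = any(c.instruction == inst and check_is_valid(c, sender[inst])
                 for c in checks)
        result[inst] = "release" if ok else "hold"
    return result

# Constructed sample: 15 transfers, each under the threshold, one instruction.
SAMPLE = [Transfer("REQ-1", "cfo", 90_000) for _ in range(15)]
```

With no check on file, or with a check whose method is the video call itself, `decide(SAMPLE, ...)` holds the whole instruction; only a callback to the directory number, a code phrase, or an in-person confirmation releases it.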

The Arup case remains the clearest data point in the public record — a confirmed loss at scale from a fully documented synthetic media attack against a named organisation. It will not be the last case of its kind, and it is almost certainly not the largest. The organisations that have absorbed comparable losses without disclosure are present in the data only as statistical averages. The through-line from 2024 to the present is an arms race in which the attacker's tools improve continuously, the defender's training degrades without reinforcement, and the attack surface — executive digital presence — expands with every earnings call and keynote speech.

Sources & further reading

  1. CNN — Arup Deepfake Scam Confirmed: https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk
  2. Bloomberg — Ferrari Dodges Deepfake: https://www.bloomberg.com/news/articles/2024-07-26/ferrari-narrowly-dodges-deepfake-scam-simulating-deal-hungry-ceo
  3. The Guardian — WPP CEO Targeted: https://www.theguardian.com/technology/article/2024/may/10/ceo-wpp-deepfake-scam
  4. LastPass — Official Blog (Deepfake Attempt): https://blog.lastpass.com/posts/attempted-audio-deepfake-call-targets-lastpass-employee
  5. BleepingComputer — LastPass CEO Deepfake Call: https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/
  6. World Economic Forum — Arup Deepfake Lessons: https://www.weforum.org/stories/2025/02/deepfake-ai-cybercrime-arup/
  7. FinCEN Alert — DeepFakes November 2024: https://www.fincen.gov/system/files/shared/FinCEN-Alert-DeepFakes-Alert508FINAL.pdf
  8. Surfshark — Deepfake Fraud Global Losses: https://surfshark.com/research/chart/deepfake-fraud-countries