LEGALAUDIT

Scam Watch

How can you recognize Multi party deepfake Zoom call impersonating CFO + execs (Arup $25M HK case Jan 2024)?

TLDR

Attackers harvested LinkedIn/YouTube/webinar footage of Arup execs, trained real time face swap + voice clone models, then invited a Hong Kong finance staffer to a Microsoft Teams call where EVERY other participant (CFO + colleagues) was...

How it works

Attackers harvested LinkedIn/YouTube/webinar footage of Arup execs, trained real time face swap + voice clone models, then invited a Hong Kong finance staffer to a Microsoft Teams call where EVERY other participant (CFO + colleagues) was...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. 1Tells: 1) all 'execs' on call respond but never reference shared private context; 2) lip sync drifts during long sentences; 3) eye contact unnatural — gaze fixed to center; 4) participants never accidentally interrupt each other; 5) initial spear phish email preceded video invite; 6) urgency to wire before market close.
  2. 2DO: enforce out of band verification (known mobile, code word) for ANY wire threshold; ban single approver wires.

Source

Hong-Kong-Police-Force

Source reviewed by Mythos Forensic Team

https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk

FAQ

Is Multi party deepfake Zoom call impersonating CFO + execs (Arup $25M HK case Jan 2024) a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

Tells: 1) all 'execs' on call respond but never reference shared private context; 2) lip sync drifts during long sentences; 3) eye contact unnatural — gaze fixed to center; 4) participants never accidentally interrupt each other; 5) initial spear phish email preceded video invite; 6) urgency to wire before market close.; DO: enforce out of band verification (known mobile, code word) for ANY wire threshold; ban single approver wires.

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.