A multinational company lost HK$200 million (US$25.6 million) in a scam after employees at its Hong Kong branch were fooled by deepfake technology, with one incident involving a digitally recreated version of its chief financial officer ordering money transfers in a video conference call, police said.

Everyone present on the video calls except the victim was a fake representation of real people. The scammers applied deepfake technology to turn publicly available video and other footage into convincing versions of the meeting’s participants.

Police said they were highlighting the case as it was the first of its kind in Hong Kong and involved a large sum. They did not reveal details about the company or the employees involved.

Acting senior superintendent Baron Chan Shun-ching said that in previous cases, scam victims were tricked in one-on-one video calls.

“This time, in a multi-person video conference, it turns out that everyone you see is fake,” he said, adding that the scammers were able to generate convincing representations of targeted individuals that looked and sounded like the actual people.

Deepfake technology was in the news last month, after fake sexually explicit images of pop superstar Taylor Swift were spread on social media sites.

Deepfake porn images of Taylor Swift have gone viral. Fans are fighting back

The police report was made by an employee in the branch’s finance department, who received what appeared to be a phishing message in mid-January, apparently from the company’s UK-based chief financial officer saying a secret transaction had to be carried out.

Chan said despite having an early “moment of doubt”, the employee fell for the ruse after being invited to the group video conference and finding the company’s CFO present, along with other staff and some outsiders.

The company employees in the call looked and sounded like real people the targeted employee recognised.

6 in Hong Kong arrested over use of AI deepfake to apply for loans

Chan said the employee followed instructions given during the meeting and made 15 transfers totalling HK$200 million to five Hong Kong bank accounts.

The entire episode lasted about a week from the time the employee was contacted until the person realised it was a scam upon making an inquiry with the company’s headquarters.

Police carried out an investigation and found that the meeting participants had been digitally recreated by scammers who used publicly available video and audio footage of the individuals.

“They used deepfake technology to imitate the voice of their targets reading from a script,” Chan said, adding that this helped to deceive the employee.

Chan said that during the video conference, the scammers asked the victim to do a self-introduction but did not actually interact with the person. The fake images on screen mainly gave orders before the meeting ended abruptly.

The scammers then stayed in touch with the victim through instant messaging platforms, emails and one-on-one video calls.

Chan said scammers approached another employee at the branch using the same multi-person video call tactic. The force said two to three employees in total had been approached by scammers, but did not provide full information on their encounters.

Police are still investigating and no arrests have been made.

The force said it hoped members of the public were aware that scammers were now capable of using deepfake technology in new ways.

Senior Inspector Tyler Chan Chi-wing said there were several ways to check whether a person who appeared on a screen was a fake, digital recreation.

Nvidia chief sees rise of ‘sovereign AI’ infrastructure across nations

He suggested asking the person to move their head, posing questions to determine their authenticity and become immediately suspicious the moment money is requested.

Separately, police said they would expand their alert system covering the Faster Payment System (FPS) to warn users they were transferring money to accounts linked to scams.

Covering FPS transfers at 35 banks and nine stored-value services, it will be extended to local instant money transfers online and offline by the second half of the year, including through mobile applications, automatic teller machines and bank counters.

Anyone who enters details of an account linked to scams in the database of the police force’s Scameter search engine will get an alert.