A DORSET cyber security firm is warning businesses of a new sophisticated new email scam.

C3IA Solutions in Poole is urging companies to be vigilant as Business Email Compromise (BEC) is a fast-developing crime.

One way criminals work is to create an email that looks like it comes from a known contact and is worded in a way that persuades the targeted company to send money.

Offenders are also using AI to replicate the type of wording used in emails so their fraudulent ones sound right as well as look right.

Rory Griffin from C3IA Solutions said: “Government figures show that about half of all businesses have reported a cyber breach or attack, and BEC attacks make up a large number of them.

“The attacks using personalised, impersonation emails are becoming less and less likely to succeed because of better filters and security.

“But a compromised, legitimate and known email account would not be picked up by spam filters, and the recipient already trusts information from that account. This is what hackers are now using.

“And utilising AI means that even if the criminals are working from abroad and don’t speak English, they can accurately replicate wording that the recipient would recognise.

“Businesses are only responsible for the cyber security measures inside their own organisations, but it doesn’t mean they can’t speak to business partners to discuss mutual security.

“Collaborating with contacts and partners could prove a valuable alliance.

“It is worth finding out if partners use multi-factor authentication or two-step authentication across all their accounts.

“It is useful to decide upon an unwritten one-time codeword only to be used if the already-agreed and documented bank details are changed."

He added: “Internal cyber security practices can also be improved, by such things as specialised training for the employees who handle or approve financial transactions.

“This could include things like following up a change in bank details with a telephone call, in order to prove it is genuine.

“Although not always practical, this would be an extra assurance step before transferring money out of the business.

“Not all protective measures need to be technical in nature; a renewed sense of understanding gained through education and awareness activities, is sometimes all that is required to identify and thwart a potential cyber-attack.”