This article was written by John Brushwood, Compliance Counsel at Traliant, a leading provider of online compliance training available through Savvy. 

The legal industry is no stranger to confidentiality and precision — but in today’s AI-driven world, these pillars of trust are under new attack. As artificial intelligence becomes more accessible, cybercriminals are leveraging it in increasingly sophisticated scams that directly target law firms and legal professionals. Whether you’re a solo practitioner or part of a large firm, understanding how AI is being used against you is critical to protecting your clients, your practice and your reputation. 

The Rise of AI-Enhanced Scams 

Scammers are no longer relying solely on poorly worded phishing emails. Thanks to generative AI, they can craft hyper-personalized messages that mimic client language, replicate internal firm communications or even generate deepfake audio or video impersonations. For example, a lawyer might receive a convincing voicemail from a “client” asking for urgent wire instructions to be changed — except the voice on the line isn’t real. It’s a deepfake, crafted with just a few publicly available audio clips and a free AI tool. 

Other emerging scams include: 

• AI-crafted legal requests with accurate legal jargon and forged case numbers, pressuring attorneys into opening malicious attachments. 

• Chatbot impersonators posing as prospective clients through firm websites, collecting personal information or delivering malware links. 

• Synthetic identity fraud using AI-generated identities to infiltrate client intake or case management systems. 

Why Law Firms Are Prime Targets 

Law firms hold a treasure trove of sensitive data — mergers, litigation strategies, intellectual property, and financials. This makes them especially attractive to cybercriminals. What’s more, lawyers often correspond with clients via email or text, where familiarity can lower defenses. Add billable-hour pressure, fast-paced deal cycles and remote work habits, and the opportunity for error grows. 

Smaller firms are particularly vulnerable. Without dedicated IT teams or robust cybersecurity training, they often lack the internal safeguards to detect AI-driven scams before it’s too late. 

5 Signs You Might Be Targeted by an AI Scam 

1. Unexpected urgency — especially involving money transfers or password resets. 

2. Odd but subtle tone shifts in emails that appear to come from known clients or colleagues. 

3. Attachments with common legal file names but from slightly altered domains. 

4. Voicemails or video calls that sound slightly off — watch for unusual pauses or robotic intonation. 

5. Requests via new communication channels, like WhatsApp or text, without prior agreement. 

Protecting Your Firm from AI Threats 

• Invest in training: Educate attorneys and staff on the latest AI-enabled threats, especially impersonation tactics. 

• Use two-factor authentication: Especially for email, document sharing, and financial systems. 

• Establish verification protocols: Require call-back verification for financial requests or client onboarding changes. 

• Limit public exposure: Be cautious about what is shared on websites, social media, and event recordings. 

• Partner with IT experts: Ensure your cybersecurity systems are continuously updated to detect AI-generated threats. 

AI is Here to Stay — So Is the Risk 

AI will continue to transform legal work for the better — but it also arms bad actors with powerful new tools. By staying vigilant, informed, and prepared, law firms can uphold their commitments to client trust and professional integrity, even in the face of next-generation scams. 

Stay a Step Ahead with Traliant 

At Traliant, we offer training solutions to help legal professionals and law firms stay secure, vigilant, and compliant in the face of evolving cyber and AI threats. Created with the oversight of in-house legal and compliance experts, our course offerings equip your team with the knowledge to spot threats early, respond confidently, and uphold client trust. Courses include: 

• Cybersecurity Awareness 

• AI in the Workplace 

• Data Privacy and Information Security 

About the Author 

John Brushwood, Compliance Counsel at Traliant, is a graduate of St. Petersburg College and George Washington University Law School. He has practiced data privacy, cybersecurity and AI governance at various law firms, including Griffin & Griffin in Washington DC.