Scammers have always followed the money; now they are following the algorithms too. The same tools that promise to make legal practice faster and more efficient are also giving fraudsters new ways to imitate lawyers, forge documents, and weaponize the appearance of legality at scale.
In earlier posts, I wrote about the promise and perils of AI in law, and about common legal-themed scams: fake warrants, bogus settlement-enforcement matters, and phony escrow deals that target both lawyers and the public. This post pulls those threads together, because the line between “AI risk” and “legal scam” is disappearing. Increasingly, the biggest risk of AI in law is not that lawyers will use it badly, but that scammers will use it very well.
From Robocall to Synthetic “Sheriff”
Start with the old “there’s a warrant for your arrest” routine. Historically, these calls relied on cheap voice-over-IP and a convincing script: someone pretending to be a deputy or court clerk, a spoofed caller ID, and a threat that you will be jailed for missing jury duty or ignoring a subpoena unless you pay a bond immediately.
Now, add AI. Voice-cloning tools can recreate a specific person’s voice from a short sample. That makes it trivial to generate robocalls that sound like a real sheriff, judge, or even your own attorney, reading from a script that was itself drafted and polished by a large language model. Text-to-speech systems can automatically customize these calls with your name, alleged case number, and other details scraped from public records or social media.
The result is not just more calls; it is more believable calls. A scam that once depended on generic threats can now arrive in a voice you think you recognize, referring to a matter that sounds plausibly like something on your docket or in your past. When a panicked client calls you saying, “The sheriff called and it sounded exactly like him,” that is no longer science fiction.
AI-Supercharged Legal Email Scams
The classic email scams aimed at law firms—phony settlement enforcement, fake foreign debt collections, “clients” needing help with a big equipment sale—also look different in an AI world.
Previously, many of these emails gave themselves away with clumsy language, inconsistent facts, or obviously recycled documents. Today, those rough edges are easy to sand off. With AI, a scammer can:
- Generate highly polished inquiry emails tailored to your practice area, free of the broken English and odd phrasing that used to be tell-tale.
- Draft “settlement agreements,” “escrow instructions,” and “purchase contracts” that look like something you or your colleagues could have written, including correct jurisdiction clauses and citations pulled from real templates.
- Translate scams into multiple languages and legal systems, reusing the same basic scheme across jurisdictions with minimal extra effort.
When you receive a new-matter email about enforcing a settlement or holding escrow on an equipment sale today, the surface cues may all look right. The document formatting, legal terminology, and even the way the sender describes your reputation or website can all be generated or enhanced by AI. That makes your internal controls—not your gut—do most of the safety work.
Cloned Law Firms and Synthetic Lawyers
One of the most disturbing developments is the rise of entire fake law firms, or cloned versions of real ones, created with the help of AI. Security researchers have already reported networks of dozens or hundreds of cloned professional websites, including law firm sites, running “recovery scams” and other frauds. These operations use AI-generated text to populate attorney bios, practice area pages, blog posts, and FAQs.
From a consumer’s perspective, these sites look legitimate. They feature:
- Professionally written content that reads like any other modern firm’s marketing copy.
- AI-generated headshots that resemble real “partners” and “associates.”
- Stolen or AI-enhanced logos and taglines that evoke trust and expertise.
Once a victim reaches a cloned site, the scammers can then move them into more personalized contact: phone calls, emails, and even video chats, increasingly supported by AI-generated voices or deepfake video. A person looking for help with a judgment, a cryptocurrency loss, or a business dispute may never realize that the “law firm” they hired exists only as a web template and a bank account.
Legitimate firms are not immune from this either. Scammers can register domains that differ from your firm’s by a single character, scrape your public website, and use AI to rewrite the text just enough to avoid automated plagiarism flags while preserving the look and feel. To a hurried user—or even to a client who clicked an email link instead of typing the address—this “mirror” site is indistinguishable from yours.
Deepfakes, Miswired Funds, and Trust Accounts
In prior writing, I described how phishing and email compromise can lead to misdirected escrow or trust funds: an attacker gains access to email, watches a real transaction unfold, and then sends “updated” wire instructions from a compromised or spoofed account.
AI makes every step of that scheme more convincing. With modern tools, a scammer can:
- Craft spear-phishing emails that look exactly like your own writing style, because they have been trained on your public posts, articles, and prior leaked correspondence.
- Generate perfectly branded PDF “wire instructions” or closing letters, complete with signatures that are difficult to distinguish from scanned originals.
- Use deepfake audio or video to impersonate a lawyer, client, or banker in a real-time call, “confirming” new wire details or urging a change in timing.
Imagine a scenario: your client receives a video call from what appears to be you, confirming that “our trust account details have changed, so use this new account for the settlement funds.” The background is your real office (scraped from your firm’s website or LinkedIn), the voice is yours, and the call fits the schedule you laid out in earlier genuine emails. If your client has not been briefed that such a thing is possible, their likelihood of questioning it is low.
In that environment, the advice we give about wire fraud and trust-account security has to evolve. “Call to confirm” is no longer enough if the call itself can be faked. We need layered verification: known numbers, shared secret phrases, and procedures that treat any change in payment instructions as presumptively suspect until proven legitimate.
Why This Matters for AI Adoption in Law
In your earlier AI-focused posts, you likely emphasized themes such as efficiency, better research, improved drafting, and new ways to serve clients. Those benefits are real, and firms that ignore them will fall behind. But they sit alongside two parallel realities:
- The same AI capabilities that help you draft a brief can help a scammer draft a fake settlement agreement that looks like your work.
- The same models that summarize case law can also summarize your website, publications, and social media presence to build highly personalized attacks against you and your clients.
Responsible AI adoption in law therefore has to include a security and fraud-awareness component. It is not enough to ask, “Does this tool help me do my job?” The better question is, “How does this capability change the threat landscape for my firm and my clients?”
That means thinking about:
- How easily could someone mimic our written or spoken communications?
- How might someone misuse information we publish to the world to create more convincing impersonations?
- What internal habits and external client education do we need to build now, before a crisis, so that everyone knows how to respond when something “feels off” but looks real?
Practical Steps for Lawyers and Clients
The good news is that many of the protections you already know still work in an AI-driven scam environment—they just need to be applied more rigorously.
For lawyers and law firms:
- Harden verification around money. Treat any change in wiring instructions, payee information, or funding sequence as suspicious by default. Confirm via a separate channel using contact details you already had, not those in the new message.
- Build authentication rituals. Consider shared code words or phrases with repeat clients for high-value transactions, agreed in advance and never transmitted by email.
- Train for AI-enabled deception. Include examples of AI-generated emails, fake domains, and deepfake scenarios in your security training, so staff know what is possible and do not rely on “it sounded like them” as proof.
- Audit your public footprint. Review what your website, bios, and social media reveal. You cannot hide everything, but you can be intentional about what you publish and how easily someone could weaponize it.
For clients and the public:
- Be skeptical of urgency tied to authority. Whether it is a “sheriff” demanding immediate bond money or a “lawyer” rushing you to move funds before a deadline, pressure is a feature, not a bug.
- Verify identities through your own channels. If you receive an unexpected call or message about legal rights, payments, or warrants, hang up or stop responding, and then contact the lawyer, court, or agency using contact information you obtain independently.
- Ask your lawyer about their procedures. A firm that has clear policies for wire verification, email security, and identity confirmation is not being paranoid; it is acknowledging reality.
The New Baseline: Assume It Can Be Faked
The connective tissue between AI in law and legal-themed scams is simple: anything that can be digitized can now be convincingly forged, at scale, by anyone with a laptop and an internet connection. Voices, signatures, letterhead, contracts, websites, even video meetings—none of these are automatic proof of legitimacy anymore.
That sounds bleak, but it is also clarifying. If we assume from the start that appearance can be faked, we are forced back to fundamentals: trusted relationships, multiple independent verification channels, and a culture that values slowing down when money or liberty is on the line.
AI will continue to transform legal practice; your earlier posts laid out many of the ways it is already doing so. The next step is making sure that, as we adopt these tools, we also upgrade our skepticism, our procedures, and our client education. Because scammers are already using AI to make their legal lies more convincing. Our job is to make sure that, even in an AI-powered world, the truth still has better lawyers.
