LexNews | Law Firm Impersonation Scams Jump 21% — And Your Clients Are the Target

LexNews — SavvyLex's take on what's moving in legal AI and legal tech this week.

THE STORY

Scams impersonating law firms surged 21% in Q1 2026, according to the U.K.'s Solicitors Regulation Authority (SRA). The watchdog issued 134 fraud alerts between January and March — up from 111 in the same period last year. March alone logged 50 alerts.

The firms targeted read like a Who's Who of the legal world: CMS, Skadden Arps, Sullivan & Cromwell, Hogan Lovells, Hill Dickinson, Linklaters, Clifford Chance, Mayer Brown, White & Case, and more.

The tactics? Fake emails from invented attorneys, forged letterheads, bogus compliance reports, fraudulent copyright notices — and in at least one case, malware-laden attachments sent in a Skadden impersonation.

THE SAVVYLEX LENS

This is not just a cybersecurity problem. It is an identity governance failure — and it exposes a critical weakness in how legal organizations verify who they are communicating with.

Think about what these scams exploit:

Clients trust the letterhead. A forged Hogan Lovells header on a power of attorney request looks legitimate to a non-lawyer.

Attorneys trust the domain. One extra letter in Dickinson is easy to miss.

AI has made impersonation cheap and convincing. Deepfake emails, cloned tone, synthetic signatures — what once required a sophisticated criminal operation now requires a laptop and a free LLM.

The firms being impersonated have brand equity. That equity has now become a liability if it is not actively defended.

WHAT GOVERNANCE-FIRST FIRMS ARE DOING DIFFERENTLY

A governed AI environment does not just protect your outputs — it authenticates your identity at every touchpoint. That means:

Verified communication chains — digital signatures on all external correspondence

AI output audit trails — so no document leaves your firm without a provenance record

Client-facing verification protocols — so clients know what a real communication from you looks like

Incident response playbooks for impersonation events — not just data breaches

The SRA can issue 134 alerts. But alerts are reactive. Architecture is proactive.

THE SAVVYLEX TAKE

If a scammer can convincingly impersonate your firm to your own clients, the question is not just how do we stop them — it is what does our firm's verified identity actually look like?

That is the governance gap. And it is the gap SavvyLex was built to close.

Curious where your firm stands? Take the AI Governance Readiness Assessment — no sales call, no fluff, just your score. savvylex.com

Source: Law.com, Scams Impersonating Law Firms Rocket 21%, Molly G Smith, April 7, 2026. LexNews is SavvyLex's editorial commentary on legal AI and legal technology developments.