Law firms have become prime targets for cybercriminals. This is also because the volume of sensitive data handled by the average law firm has increased dramatically in recent years. In addition, law firms are particularly susceptible to email fraud attacks because of the strong personal relationships they establish with clients, which can be exploited through carefully crafted identity theft campaigns. Law firms are therefore constantly faced with the challenge of ensuring that security and compliance across their IT infrastructure are sufficient. The motivation behind this study lies in the lack of research on the risks and challenges that phishing attacks pose to law firms. For this reason, this study aims to contribute to the literature by providing a comprehensive analysis of phishing trends that represent a serious threat to law firms and by offering appropriate recommendations and countermeasures to prevent such attacks. It also aims to raise awareness among users and researchers while encouraging the development of new methods to combat phishing attacks.