The threats
The attacks accounting firms actually get.
Generic phishing training prepares your team for 2019. The attacks landing in your inbox today are AI-personalised, voice-cloned, and timed for the worst possible week of the year. Here's what your team is up against.
ATO impersonation
"Your client has an outstanding tax debt, click here to verify before it goes to a debt collector." Tailored for EOFY pressure. The links look exactly like ato.gov.au.
Trust-account wire fraud
A senior partner asks the junior to wire client settlement funds urgently. Voice cloned from a 30-second sample on the firm's "Meet the Team" page. Cloned voices now cost AUD$5.
EOFY business email compromise
30 June pressure means your team clicks first and verifies later. Attackers know this. The compromise often happens between 25 June and 5 July.
Client data phishing
Spoofed emails asking your team to share client tax files via a fake "secure portal." One successful click exposes years of client TFNs and BAS lodgements.
Why now
Annual training doesn't work. AI attacks don't wait for the next session.
Most accounting firms run security awareness once a year, usually a generic 30-minute video and a tick-box quiz. That was fine before AI. Today's attackers personalise every message, clone any executive's voice from a LinkedIn video, and adapt their script in real time. The gap between what your training covers and what actually arrives in your team's inbox has never been wider.
of breaches start with a phishing email
average cost of a successful phishing attack on an Australian SMB
between an employee receiving a phish and clicking the link
How Vigil works for accounting firms
Simulate. Score. Train. Report. On autopilot.
Vigil runs in the background. You log in once a month for the dashboard view. Everything else is automatic.
SIMULATE
Simulate
Pick from six core attack types. ATO scams, deepfake voice calls from your managing partner, fake Xero login pages, EOFY-themed phishing. AI writes every message from the context of your firm.
SCORE
Score
Every employee gets a live human risk score. See who's vulnerable, which department needs work, and which staff are improving, without spreadsheets.
TRAIN
Train
When someone clicks, training is assigned automatically. Built for the exact scam type they fell for. Quizzes and completion records auto-tracked for compliance.
REPORT
Report
One-click PDF mapped to APES 110, Essential Eight, ISO 27001, and the Australian Privacy Act. The document your cyber insurer reviews at renewal time.
Compliance
Pass your insurer questionnaire and your APES 110 review with the same report.
Most Australian accounting firms now hold cyber insurance. Renewal questionnaires want evidence of regular security awareness training, attack simulations, and remediation tracking. Vigil's report covers all of it. APES 110 client-confidentiality controls, Essential Eight Maturity Level 1, and the Privacy Act's APP 11 staff-training obligation. Regenerate any time, always current.
Built for Australian professional-services firms.
Also for
Other professional services teams using Vigil
See the full list on security awareness training by industry.
Train your team before the criminals do.
14-day free trial. No credit card. APES 110-ready report on day 1.
Start 14-day free trialor email us at hello@vigilsecurity.io