For accounting firms

Phishing simulation built for the people handling your clients' money.

Vigil tests your team against ATO impersonation, EOFY business-email compromise, trust-account wire fraud, and the deepfake call from 'the senior partner' that's now standard practice. Then it scores everyone, trains the people who fail, and produces the report your insurer renews on.

Start 30-day free trialSee how it works

30-day free trial · No IT team required · APES 110 + Essential Eight ready

The threats

The attacks accounting firms actually get.

Generic phishing training prepares your team for 2019. The attacks landing in your inbox today are AI-personalised, voice-cloned, and timed for the worst possible week of the year. Here's what your team is up against.

ATO impersonation

"Your client has an outstanding tax debt — click here to verify before it goes to a debt collector." Tailored for EOFY pressure. The links look exactly like ato.gov.au.

Trust-account wire fraud

A senior partner asks the junior to wire client settlement funds urgently. Voice cloned from a 30-second sample on the firm's "Meet the Team" page. Cloned voices now cost AUD$5.

EOFY business email compromise

30 June pressure means your team clicks first and verifies later. Attackers know this. The compromise often happens between 25 June and 5 July.

Client data phishing

Spoofed emails asking your team to share client tax files via a fake "secure portal." One successful click exposes years of client TFNs and BAS lodgements.

Why now

Annual training doesn't work. AI attacks don't wait for the next session.

Most accounting firms run security awareness once a year — usually a generic 30-minute video and a tick-box quiz. That was fine before AI. Today's attackers personalise every message, clone any executive's voice from a LinkedIn video, and adapt their script in real time. The gap between what your training covers and what actually arrives in your team's inbox has never been wider.

94%

of breaches start with a phishing email

$150,000

average cost of a successful phishing attack on an Australian SMB

< 3 mins

between an employee receiving a phish and clicking the link

How Vigil works for accounting firms

Simulate. Score. Train. Report. On autopilot.

Vigil runs in the background. You log in once a month for the dashboard view. Everything else is automatic.

01

SIMULATE

Simulate

Pick from eight attack types — ATO scams, deepfake voice calls from your managing partner, fake Xero login pages, EOFY-themed phishing. AI writes every message from the context of your firm.

02

SCORE

Score

Every employee gets a live human risk score. See who's vulnerable, which department needs work, and which staff are improving — without spreadsheets.

03

TRAIN

Train

When someone clicks, training is assigned automatically. Built for the exact scam type they fell for. Quizzes and completion records auto-tracked for compliance.

04

REPORT

Report

One-click PDF mapped to APES 110, Essential Eight, ISO 27001, and the Australian Privacy Act. The document your cyber insurer reviews at renewal time.

Compliance

Pass your insurer questionnaire and your APES 110 review with the same report.

Most Australian accounting firms now hold cyber insurance. Renewal questionnaires want evidence of regular security awareness training, attack simulations, and remediation tracking. Vigil's report covers all of it — APES 110 client-confidentiality controls, Essential Eight Maturity Level 1, and the Privacy Act's APP 11 staff-training obligation. Regenerate any time, always current.

APES 110Essential EightISO 27001Australian Privacy ActNIST CSFCIS Control 14

Built for Australian professional-services firms.

No IT team requiredSetup in 30 minutesCancel anytimeAustralian-hosted on requestSOC 2 Type II in progress

Pricing

Less than your cyber insurance excess.

30-day free trial. No credit card required. Cancel anytime.

AnnualSave 17%Monthly

Starter

Essential phishing and training for small teams.

$290/year

$24/mo equivalent · save 17%

Start 30-day free trial
  • Up to 25 employees
  • Email phishing simulations
  • SMS phishing simulations
  • Voice call simulations
  • QR code attack simulations
  • Live risk scores per employee
  • Automatic training assignment on failure
  • Interactive training lessons & quizzes
  • Compliance PDF (Essential Eight, ISO 27001, Privacy Act)
  • Email support
Most popular

Growth

Deepfakes, voice cloning, and AI-personalised attacks.

$990/year

$83/mo equivalent · save 17%

Start 30-day free trial
  • Up to 200 employees
  • Everything in Starter, plus:
  • Deepfake video email simulations
  • Voice-cloned executive calls
  • Live deepfake video calls
  • AI-personalised phishing with Claude
  • Custom attack briefs
  • AI-generated personalised training videos
  • Department benchmarking
  • Escalation alerts for high-risk employees
  • Priority support

Enterprise

For MSPs and organisations with compliance requirements.

Custom
Contact sales
  • Unlimited employees
  • Everything in Growth, plus:
  • Custom compliance mapping
  • API access
  • MSP multi-tenant console
  • White-label branding
  • SSO & SCIM provisioning
  • SLA guarantee
  • Dedicated success manager

One successful phishing attack costs an average of $150,000. Vigil pays for itself with a single prevented incident.

Train your team before the criminals do.

30-day free trial. No credit card. APES 110-ready report on day 1.

Start 30-day free trial

or email us at hello@vigilsecurity.io