The threats
The attacks financial advisers actually get.
Generic phishing training prepares your team for 2019. The attacks landing in your client-services inbox today are AI-personalised, time-pressured, and dressed up as ASIC, the ATO, your platform provider, or the client themselves. Here's what your team is up against.
Client portfolio impersonation
Spoofed email "from your client" asking to redirect their next pension drawdown to a different account. Your CSO assistant verifies via the email signature, which the attacker also wrote.
SMSF rollover fraud
A six-figure SMSF rollover request comes in from "the client." Bank details for the receiving fund are subtly off. Voice cloned from your podcast appearance confirms the change verbally.
Fake ASIC notice scams
"Your AFSL is under review, click here to respond within 48 hours." Looks like asic.gov.au. The senior adviser opens it because nobody wants an ASIC matter to escalate.
Platform login phishing
Fake login page for your investment platform. Pixel-for-pixel clone. Your para-planner enters credentials. The attacker now has client-level access for the next 30 days.
Why now
Annual training doesn't work. ASIC doesn't grade you on what your video covered last year.
Most financial-advice practices run security awareness once a year, a generic video and a tick-box quiz. That was fine before AI. Today's attackers personalise every message, clone the principal's voice from any podcast or webinar, and time their fraud for the highest-pressure rollover or insurance-claim moment. The gap between what your training covers and what's actually landing in your team's inbox has never been wider.
of breaches start with a phishing email
average cost of a successful phishing attack on an Australian SMB
between an employee receiving a phish and clicking the link
How Vigil works for financial advisers
Simulate. Score. Train. Report. On autopilot.
Vigil runs in the background. Your responsible manager logs in once a month. Everything else is automatic.
SIMULATE
Simulate
Pick from six core attack types, client portfolio impersonation, deepfake calls from the principal, fake ASIC notices, SMSF rollover fraud. AI writes every message in the context of your firm, your platform, your client base.
SCORE
Score
Every employee, advisers, para-planners, client-services, admin, gets a live human risk score. See who's vulnerable, which department needs work, and which team members are improving.
TRAIN
Train
When someone clicks, training is assigned automatically. Built for the exact scam type they fell for. Quizzes and completion records auto-tracked for compliance.
REPORT
Report
One-click PDF mapped to ASIC's cyber-resilience guidance (REP 716, REP 776), Essential Eight, ISO 27001, and the Privacy Act. The document your PI insurer and your auditor both want to see.
Compliance
Pass your PI renewal and your ASIC review with the same report.
ASIC's cyber-resilience guidance (REP 716, REP 776 and the cyber-resilience good practices) expects evidence of staff awareness, attack simulation, and remediation tracking. Most PI insurers ask for the same evidence at renewal. Vigil's report covers ASIC cyber resilience, Essential Eight Maturity Level 1, and the Privacy Act's APP 11 staff-training obligation. Regenerate any time, always current.
Built for Australian professional-services firms.
Also for
Other professional services teams using Vigil
See the full list on security awareness training by industry.
Train your team before the criminals do.
14-day free trial. No credit card. ASIC cyber-resilience-ready report on day 1.
Start 14-day free trialor email us at hello@vigilsecurity.io