For law practices

Phishing simulation built for the firm holding your clients' trust funds.

Vigil tests your team against settlement-day wire fraud, conveyancing BEC, court-document phishing, and the deepfake call from the principal asking the paralegal to release trust funds. Then it scores everyone, trains the people who fail, and produces the report your insurer renews on.

Start 30-day free trialSee how it works

30-day free trial · No IT team required · Law Society + Essential Eight ready

The threats

The attacks law practices actually get.

Generic phishing training prepares your team for 2019. The attacks landing on settlement day are AI-personalised, voice-cloned, and timed to exploit conveyancing pressure. Here's what your team is up against.

Settlement-day wire fraud

Fake "updated banking details" email arrives the morning of settlement. Looks like the vendor's solicitor. Your conveyancer has 90 minutes to act and the seller is on hold.

Trust-account release fraud

A "principal" calls the paralegal asking for an urgent trust-fund release. Voice cloned from a 30-second courtroom video on YouTube. AUD$5 of compute, six-figure transfer.

Court-document phishing

"Updated affidavit attached — please review before today's hearing." Document is a payload. Lands in inboxes during the busiest hour of the legal week.

Client portal impersonation

Spoofed emails directing your team to a fake "secure file exchange" — your client-management portal's login page, pixel-for-pixel cloned. One click leaks years of privileged correspondence.

Why now

Annual training doesn't work. Settlement-day attacks don't wait.

Most law practices run security awareness once a year — a generic 30-minute video and a tick-box quiz. That was fine before AI. Today's attackers personalise every message, clone any partner's voice from a courtroom recording, and time their attacks for the exact 30 minutes when your team is least likely to verify. The gap between what your training covers and what arrives in your conveyancer's inbox has never been wider.

94%

of breaches start with a phishing email

$150,000

average cost of a successful phishing attack on an Australian SMB

< 3 mins

between an employee receiving a phish and clicking the link

How Vigil works for law practices

Simulate. Score. Train. Report. On autopilot.

Vigil runs in the background. The principal logs in once a month for the dashboard view. Everything else is automatic.

01

SIMULATE

Simulate

Pick from eight attack types — settlement-day wire scams, deepfake calls from the senior partner, fake court-document delivery, conveyancing-themed phishing. AI writes every message in the context of your firm and current matters.

02

SCORE

Score

Every employee — partners, conveyancers, paralegals, admin — gets a live human risk score. See who's vulnerable, which team needs work, and how risk trends through busy periods.

03

TRAIN

Train

When someone clicks, training is assigned automatically. Built for the exact scam type they fell for. Quizzes and completion records auto-tracked for compliance.

04

REPORT

Report

One-click PDF mapped to the Law Society client-confidentiality rules, Essential Eight, ISO 27001, and the Australian Privacy Act. The document your cyber insurer reviews at renewal.

Compliance

Pass your insurer questionnaire and your Law Society review with the same report.

Most Australian law practices now hold cyber insurance. Renewal questionnaires want evidence of regular security awareness training, attack simulations, and remediation. Vigil's report covers it — Law Society client-confidentiality obligations, Essential Eight Maturity Level 1, and the Privacy Act's APP 11 staff-training requirement. Regenerate any time, always current.

Law Society Conduct RulesEssential EightISO 27001Australian Privacy ActNIST CSFCIS Control 14

Built for Australian professional-services firms.

No IT team requiredSetup in 30 minutesCancel anytimeAustralian-hosted on requestSOC 2 Type II in progress

Pricing

Less than your cyber insurance excess.

30-day free trial. No credit card required. Cancel anytime.

AnnualSave 17%Monthly

Starter

Essential phishing and training for small teams.

$290/year

$24/mo equivalent · save 17%

Start 30-day free trial
  • Up to 25 employees
  • Email phishing simulations
  • SMS phishing simulations
  • Voice call simulations
  • QR code attack simulations
  • Live risk scores per employee
  • Automatic training assignment on failure
  • Interactive training lessons & quizzes
  • Compliance PDF (Essential Eight, ISO 27001, Privacy Act)
  • Email support
Most popular

Growth

Deepfakes, voice cloning, and AI-personalised attacks.

$990/year

$83/mo equivalent · save 17%

Start 30-day free trial
  • Up to 200 employees
  • Everything in Starter, plus:
  • Deepfake video email simulations
  • Voice-cloned executive calls
  • Live deepfake video calls
  • AI-personalised phishing with Claude
  • Custom attack briefs
  • AI-generated personalised training videos
  • Department benchmarking
  • Escalation alerts for high-risk employees
  • Priority support

Enterprise

For MSPs and organisations with compliance requirements.

Custom
Contact sales
  • Unlimited employees
  • Everything in Growth, plus:
  • Custom compliance mapping
  • API access
  • MSP multi-tenant console
  • White-label branding
  • SSO & SCIM provisioning
  • SLA guarantee
  • Dedicated success manager

One successful phishing attack costs an average of $150,000. Vigil pays for itself with a single prevented incident.

Train your team before the criminals do.

30-day free trial. No credit card. Law Society-ready report on day 1.

Start 30-day free trial

or email us at hello@vigilsecurity.io