Investing term

What is Phishing?

Fake emails, SMS, or messages impersonating your broker to steal your login or money.

Phishing is a scam in which fake emails, texts, or calls impersonate your broker, bank, or another trusted service to trick you into handing over login details or money. The message looks official — logos, branding, a plausible sender — and points you to a fake website or asks you to reveal credentials or codes.

Phishing works by manufacturing urgency. A 'locked account', a 'suspicious login', or a 'payment that needs confirming' is designed to make you act before you think. The defence is simple and reliable: never click links in unexpected messages, and never enter your login or share verification codes from a link you were sent. Instead, navigate to the service yourself — by typing the address or using your saved bookmark or app — and check from there.

A fake message built to rush you
A fake message engineered to make you act before thinking⚠ "YourBroker Security"Your account is locked.Verify now: your-broker-secure.co/login↑ urgency + a link = the phishing signatureThe defenceNever click the link.Open the app or siteyourself and check.

Phishing impersonates your broker with false urgency and a link to a fake login page. The reliable defence: never click the link — open the app or site yourself and check.

For example

A text claims 'Your broker account is locked — verify now' with a link; the link leads to a convincing fake login page built to steal your password.

Learn it by doing

That's Phishing in theory — it clicks when you use it. Practise it hands-on in a free, interactive lesson (Stage 9, Fees, Scams & Protecting Your Money).

Try the free lesson →

Why it matters to you

Phishing matters because it's the most common way accounts — including investment accounts — get compromised, and it targets human reflexes rather than software. No password strength helps if you type it into a fake site yourself. Building the habit of never acting on links in unexpected messages, and always navigating to a service independently, neutralises the vast majority of phishing attempts and protects the accounts holding your money.

Clicking the link 'just to check'

Even opening a phishing link 'just to see' is risky — the fake page is built to capture whatever you enter, and urgency is engineered to make you type your login without thinking. The safe habit is never to click links in unexpected messages at all. Go to the site yourself, via a bookmark or the app, and verify any claim from there.

Frequently asked questions

What is phishing?

Phishing is a scam using fake emails, texts, or calls that impersonate a trusted organisation — like your broker or bank — to trick you into revealing login details or money. The messages often create urgency and link to fake websites designed to capture whatever credentials you enter.

How do I protect myself from phishing?

Never click links in unexpected messages or enter your login or verification codes from them. Instead, navigate to the service yourself by typing the address or using your saved app or bookmark, and verify any claim there. Enabling two-factor authentication adds a further layer of protection.

How can I recognise a phishing message?

Watch for manufactured urgency ('account locked', 'verify now'), unexpected links, requests for login details or codes, slightly off sender addresses, and generic greetings. When in doubt, don't engage with the message — contact the organisation directly through its official app or website to check whether it's genuine.

Related terms

← Back to the full glossary