Investing term
What is Phishing?
Fake emails, SMS, or messages impersonating your broker to steal your login or money.
Phishing is a scam in which fake emails, texts, or calls impersonate your broker, bank, or another trusted service to trick you into handing over login details or money. The message looks official — logos, branding, a plausible sender — and points you to a fake website or asks you to reveal credentials or codes.
Phishing works by manufacturing urgency. A 'locked account', a 'suspicious login', or a 'payment that needs confirming' is designed to make you act before you think. The defence is simple and reliable: never click links in unexpected messages, and never enter your login or share verification codes from a link you were sent. Instead, navigate to the service yourself — by typing the address or using your saved bookmark or app — and check from there.
Phishing impersonates your broker with false urgency and a link to a fake login page. The reliable defence: never click the link — open the app or site yourself and check.
For example
A text claims 'Your broker account is locked — verify now' with a link; the link leads to a convincing fake login page built to steal your password.
Learn it by doing
That's Phishing in theory — it clicks when you use it. Practise it hands-on in a free, interactive lesson (Stage 9, Fees, Scams & Protecting Your Money).
Try the free lesson →Why it matters to you
Phishing matters because it's the most common way accounts — including investment accounts — get compromised, and it targets human reflexes rather than software. No password strength helps if you type it into a fake site yourself. Building the habit of never acting on links in unexpected messages, and always navigating to a service independently, neutralises the vast majority of phishing attempts and protects the accounts holding your money.
⚠ Clicking the link 'just to check'
Even opening a phishing link 'just to see' is risky — the fake page is built to capture whatever you enter, and urgency is engineered to make you type your login without thinking. The safe habit is never to click links in unexpected messages at all. Go to the site yourself, via a bookmark or the app, and verify any claim from there.