Investing term

What is Social engineering?

Manipulating someone into giving up access, credentials, or money through psychological tactics rather than technical hacking.

Social engineering is manipulating people into giving up access, credentials, or money through psychological tricks rather than technical hacking. Instead of breaking software, the attacker exploits human trust — impersonating an authority, manufacturing urgency, or building rapport — to get you to hand over what they want.

That's what makes it so dangerous: it works regardless of how strong your passwords are, because it targets you, not your technology. A caller pretending to be your broker's fraud team, an email invoking a scary deadline, a friendly stranger who slowly earns your trust — all are social engineering. The real defences are behavioural: healthy skepticism toward unsolicited contact, never sharing passwords or verification codes with anyone, and verifying any request independently through official channels before acting.

The person is the weak link
It attacks the person, not the softwareYour tech is strong✓ strong password✓ 2FA enabledbut…You're talked into itfake urgency & authority →you share the code yourself

Social engineering attacks you, not your software — so strong passwords and 2FA don't help if you're manipulated into sharing a code yourself. Skepticism and verifying independently are the defence.

For example

Someone calls claiming to be your broker's security team and, citing an 'urgent breach', pressures you to read out the verification code just sent to your phone.

Learn it by doing

That's Social engineering in theory — it clicks when you use it. Practise it hands-on in a free, interactive lesson (Stage 9, Fees, Scams & Protecting Your Money).

Try the free lesson →

Why it matters to you

Social engineering matters because it's the human side of security, and it bypasses every technical safeguard you put up. Strong passwords and encryption are useless if you can be talked into handing over access yourself. Recognising the tactics — false urgency, fake authority, manufactured trust — and adopting simple rules like never sharing codes and always verifying independently is what actually protects accounts, since the weakest link is usually the person, not the software.

Sharing a verification code with a 'support' caller

A common social-engineering attack is a caller posing as your bank or broker's security team, using urgency to get you to read out a one-time code — which is exactly what they need to break into your account. Legitimate firms never ask for your codes or password. Never share them with anyone who contacts you, and verify by calling back on an official number.

Frequently asked questions

What is social engineering?

Social engineering is manipulating people into revealing information, access, or money through psychological tactics — impersonation, false urgency, fake authority, or building trust — rather than technical hacking. It targets human trust instead of software, which is why it works even against people with strong passwords and secure devices.

How is social engineering different from hacking?

Hacking exploits technical weaknesses in software or systems; social engineering exploits human psychology to get people to hand over access or information themselves. Because it targets the person rather than the technology, strong passwords and security software don't protect against it — awareness and good habits do.

How do I protect against social engineering?

Be skeptical of unsolicited contact, never share passwords or verification codes with anyone, and independently verify any request — for example by calling the organisation back on its official number. Don't act under manufactured urgency. Since the tactic targets trust and pressure, slowing down and verifying is the core defence.

Related terms

← Back to the full glossary