Investing term
What is Social engineering?
Manipulating someone into giving up access, credentials, or money through psychological tactics rather than technical hacking.
Social engineering is manipulating people into giving up access, credentials, or money through psychological tricks rather than technical hacking. Instead of breaking software, the attacker exploits human trust — impersonating an authority, manufacturing urgency, or building rapport — to get you to hand over what they want.
That's what makes it so dangerous: it works regardless of how strong your passwords are, because it targets you, not your technology. A caller pretending to be your broker's fraud team, an email invoking a scary deadline, a friendly stranger who slowly earns your trust — all are social engineering. The real defences are behavioural: healthy skepticism toward unsolicited contact, never sharing passwords or verification codes with anyone, and verifying any request independently through official channels before acting.
Social engineering attacks you, not your software — so strong passwords and 2FA don't help if you're manipulated into sharing a code yourself. Skepticism and verifying independently are the defence.
For example
Someone calls claiming to be your broker's security team and, citing an 'urgent breach', pressures you to read out the verification code just sent to your phone.
Learn it by doing
That's Social engineering in theory — it clicks when you use it. Practise it hands-on in a free, interactive lesson (Stage 9, Fees, Scams & Protecting Your Money).
Try the free lesson →Why it matters to you
Social engineering matters because it's the human side of security, and it bypasses every technical safeguard you put up. Strong passwords and encryption are useless if you can be talked into handing over access yourself. Recognising the tactics — false urgency, fake authority, manufactured trust — and adopting simple rules like never sharing codes and always verifying independently is what actually protects accounts, since the weakest link is usually the person, not the software.
⚠ Sharing a verification code with a 'support' caller
A common social-engineering attack is a caller posing as your bank or broker's security team, using urgency to get you to read out a one-time code — which is exactly what they need to break into your account. Legitimate firms never ask for your codes or password. Never share them with anyone who contacts you, and verify by calling back on an official number.