Social Engineering
Social engineering is the use of deception or manipulation to persuade people to reveal information, send money, or take actions that create financial or security risk.
Written by: Editorial Team
What Is Social Engineering?
Social engineering is the use of deception or manipulation to persuade people to reveal information, send money, or take actions that create financial or security risk. Instead of attacking a system directly, the fraudster targets human behavior. The person is pushed to trust the wrong message, approve the wrong request, share the wrong code, or ignore the warning signs that would normally stop the scam.
In finance, social engineering matters because many losses begin with a manipulated decision rather than a technical failure. A fraudster may pretend to be a bank employee, a government official, a family member, a manager, or a service representative. The tactic works when the victim accepts the story and cooperates.
Key Takeaways
- Social engineering uses manipulation to get people to reveal information or take harmful actions.
- It targets human trust, fear, urgency, or routine behavior rather than systems alone.
- Phishing is one common form of social engineering.
- It can lead to account takeover, identity theft, payment fraud, and credential theft.
- Verification through a separate trusted channel is one of the strongest defenses.
How Social Engineering Works
The core method is psychological pressure. The fraudster creates urgency, authority, fear, curiosity, or convenience and uses that pressure to influence a decision. The message may say an account has been compromised, a transfer must be confirmed immediately, a refund is available, or a family member needs help. The specific story changes, but the purpose stays the same: make the target act before thinking carefully.
Once the victim responds, the fraudster may collect passwords, one-time codes, account numbers, or enough information to attempt account takeover. In other cases, the victim is persuaded to send money or disclose information that later supports identity theft.
Social Engineering Versus Phishing
Phishing is a specific message-based form of social engineering. Social engineering is the bigger category. It can happen through email, text, phone calls, social media messages, fake customer-service interactions, or even in-person deception.
| Term | Scope |
|---|---|
| Social engineering | The broad manipulation tactic used to trigger harmful actions |
| Phishing | A specific message- or site-based form of that tactic |
Why Social Engineering Matters Financially
Social engineering matters because it can bypass otherwise strong systems. A bank may have solid technical controls, but those controls can still be weakened if a customer is convinced to share a code, approve a transfer, or reset credentials for a criminal. The financial loss often looks like an account or payment problem, but the real starting point was manipulation.
That is why this term belongs in the same branch as identity theft and account access. It explains how many fraud schemes get their first foothold.
Common Examples of Social Engineering
Common examples include fake fraud alerts, impostor calls, messages that pressure a target to click a login link, scams that claim a payment issue must be fixed immediately, and requests to share one-time authentication codes. The tactic can also show up in non-credit settings, but the financial use cases are especially important because they can lead quickly to money movement or record compromise.
Many scams that look different on the surface are really variations of the same social-engineering pattern.
Example of Social Engineering
Assume a consumer receives a call from someone claiming to be from the bank's fraud department. The caller sounds credible, references a recent transaction, and asks the consumer to read back a one-time code to verify the account. The code is actually being used to log in. The consumer does not lose money because of the phone call alone. The loss happens because the fraudster successfully manipulated the consumer into helping the takeover.
The example shows why social engineering is best understood as behavioral fraud, not just suspicious messaging.
The Bottom Line
Social engineering is the use of deception or manipulation to get people to reveal information or take harmful actions. It matters because many financial frauds start by exploiting trust, urgency, or routine behavior rather than by breaking through technical defenses directly.