Glossary / Fraud & scams
Social Engineering
Social engineering is the manipulation of people into revealing information or taking action, such as approving a payment, by exploiting trust, urgency, or authority rather than hacking systems.
What is social engineering?
Social engineering targets people rather than systems. Instead of breaking through firewalls, the attacker manipulates a person into handing over information or taking an action, using trust, urgency, authority, or fear. In finance, it usually ends with someone approving a payment or changing bank details they should have questioned. A recognisable Australian example: a caller claiming to be from a known supplier’s finance team says their bank has “just changed” and the account for today’s payment is different, adding that the invoice is overdue and the relationship is at risk. The pressure is the point; it pushes staff to act before they verify.
Why it matters for Australian finance teams
Social engineering is the common thread behind CEO fraud, business email compromise, and payment redirection scams, all of which the ACCC’s Scamwatch tracks as major sources of business losses. It works because it exploits normal, helpful workplace behaviour: responding quickly, deferring to authority, and trusting familiar names. No amount of technical security fully removes the risk, which is why an independent verification step matters. For finance teams, the danger is that a convincing story can override an otherwise sound process.
How ezyshield helps
ezyshield takes the pressure and persuasion out of the decision by verifying facts, not stories. It confirms the person or business owns the bank account before money moves, and re-verifies whenever details change, so an urgent “pay this new account now” cannot succeed on charm alone. It is not a staff-training or email-filtering product, so it works best alongside awareness programs. See how it works and our overview of payment fraud prevention in Australia.
Also known as: social engineering attack
Last updated: 7 July 2026
Related terms
- Phishing Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.
- CEO Fraud CEO fraud is a scam where an attacker impersonates a senior executive, such as the CEO or CFO, to pressure staff into making an urgent payment or changing payment details.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
- Spear Phishing Spear phishing is a targeted form of phishing that uses personalised details about a specific individual or organisation to make the fraudulent message more convincing.
See also: Business email compromise , CEO fraud , Payment fraud prevention in Australia
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.