Hacking is a really, really broad "thing." 99.999% of it is not remotely close to the glamorous stuff on TV. A lot of it is just poking and prodding at networks to see where connections give up information you can then use to get inside the network. A lot of it is doing the same thing but with individual machines to elevate your access permissions and read/write files you otherwise wouldn't be able to touch.
Social engineering is the technical term for "calling and asking for a password," more generally speaking. It includes things like the aforementioned call, and other things like impersonation, looking over someone's shoulder at their screen, and other, more sophisticated techniques. Some of those techniques include (spear) phishing, which you might receive emails attempting to do. Things like fake login pages for websites sent to you in emails are one type among various phishing techniques. There's a type of technique called "quid pro quo" that can involve calling someone and pretending to be someone else (e.g. tech support) and having them actually run software for you that compromises their machine/network.
This answer isn't comprehensive (hacking isn't my specific field within computer science) but hopefully gives you a solid jumping-off point for further exploration!
Exactly 0% of it is similar to movies or TV; something like 2% of it is like calling and asking for a password.
Asking somebody for their password or other form of access to a system only happens during what is termed "physical penetration testing" (who came up with that, is what I want to know), which is broadly speaking a test of an organisation's physical security measures, in addition to or independently of their computer systems. If the company under test has agreed to such forms of social engineering to be used, then this situation might come up. It's not very often that it does so, because it is arguable that it is not a test of a computer system or a network, but of employee habits and compliance. So, whether this happens is subject to _what a company_ wants to be tested.
Most other aspects of adversarial information security, like:
* vulnerability research
* exploit development
* software development (for tooling, etc.)
* data analysis (e.g. assessing data breaches, producing actionable data from various measurements, etc.)
* formal methods (e.g. producing, verifying, or disproving automated proofs of security properties of systems)
* threat intelligence and risk assessment (quantifying and understanding the risks of threats)
are:
1. extremely tedious
2. long-term tasks
3. possibly system-specific (e.g. you may be developing an exploit for a certain platform and CPU architecture and so forth) and thus...
4. very error-prone
All conducive to being terrible plot devices. :-)
I can't think of any TV show that accurately portrays hacking. Sneakers did an OK job of showing social engineering, which as you say is calling and asking for the password. Kevin Mitnick infamously did this in his early career. Lots of well-publicised breaches happened this way; no real technical knowledge required, you just need to be good at talking to people convincingly.
Real hacking requires a knowledge of networks and operating systems. The most common method is scanning for open ports, then checking if that port has a known vulnerability and attempting to exploit it. It can be quite long and tedious. Occasionally breaches are discovered that simplify the process and they get well publicised. It's always an arms race between keeping systems patched and staying ahead of those trying to get in. This is why patching your OS regularly is so important.
Hacking has become the catch-all phrase, but note some of the old-school guys will take offence and prefer you use the term "cracking". I'm not wading into that debate, just for information.