Hi PigDog,
As you may read here: http://labmice.techtarget.com/security/socialengineering.htm, social engineering is still one of the most effective forms of hacking, especially with end-users that are not trained to react in an appropriate way.
It works through the Shiva method. For instance, you go for the low-hanging fruit first: phone someone, say you see their computer is in danger, and they will try to help you any way you want. The computer is a rock-solid bastion, the person behind it is maybe another n33b, and then the data on this secured computer is maybe not so secure at all. Use your fantasy or train the end-user to work according to strict protocols: never talk to strangers, always say you will call back, secure hardware physically, etc. etc., else the human firewall is broken.
polonus