When Kevin Mitnick testified before Congress in 2000 he talked about social engineering: "I was so successful in that line of attack that I rarely had to resort to a technical attack," he said. "Companies can spend millions of dollars toward technological protections and that's wasted if somebody can basically call someone on the telephone and either convince them to do something on the computer that lowers the computer's defenses or reveals the information they were seeking."
When you think about it, it so obvious. We spend so much time securing servers (at least, in my company), that most people forget that the weakest link in any system is always the Users. Take it to heart.