Here is an excellent ZDNet paper about social engineering.

Did you know about the "Password conundrum"?

Full article here
People have more passwords to remember than they used to. As a result, it's common for people to use the same password for access to multiple locations, including using the same password for system access at work and at home.

In some cases, hacker groups set up Web sites advertising a bogus sweepstakes. They then require anyone registering for the sweepstakes to supply a username and password for future access to the site. Soon a database of thousands of usernames and passwords is compiled. A "robot" then systematically attempts to log on to many popular Web sites using the supplied usernames and passwords. The hacker group can then use details from these sites to gain more information. For example, if a hacker is able to get into a person's Hotmail account, he or she might be able to figure out where the person works and then be able to try to break into that company's computers using the person's logon name and password.
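From the defending site's side, the "robot" described above has a recognizable login pattern: one source trying many different accounts in a short time, with almost all attempts failing. The following is an added example, not part of the quoted article; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (unix_seconds, source_ip, username, success)
ATTACKER = "203.0.113.7"
SAMPLE_EVENTS = (
    # One source walks through a list of harvested accounts; one login works.
    [(1000 + 10 * i, ATTACKER, f"user{i}", i == 6) for i in range(8)]
    # Office NAT: several staff behind one address, all logging in successfully.
    + [(1000 + 20 * i, "192.0.2.50", f"staff{i}", True) for i in range(5)]
    # Ordinary user who mistypes once and then gets in.
    + [(1005, "198.51.100.20", "bob", False), (1030, "198.51.100.20", "bob", True)]
)


def find_stuffing_sources(events, window=300, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts in `window` seconds and mostly fail.

    Returns {source_ip: [accounts that source logged into]}; those accounts
    used a password known to the attacker and need a forced reset.
    """
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        by_src[src].append((ts, user, ok))

    flagged = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward so it spans at most `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            hits = {u for _, u, ok in chunk if ok}
            # Many accounts plus a low success ratio separates a replayed
            # credential list from a shared address (NAT, proxy) of real users.
            if len(users) >= min_users and len(hits) / len(users) <= max_success_ratio:
                flagged[src] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged


if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_EVENTS))
```

The success-ratio condition is what keeps the shared office address from being flagged; a per-source attempt counter alone would not make that distinction.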