There’s a really good paper that has won the first annual Security Best Practices competition held by FIRST (www.first.org ) and the CERT Coordination Center . The paper is from Taiwan, and shows a very interesting methodology of study, and more importantly a means to educate the human. As the paper says; “Social engineering concentrates on the weakest link of the computer security chain, which is also the most essential part of the security component: human.” You owe it to yourself to read it, and try to implement something educational within your organization. Your security patches will have no effect against a good social engineer.