What is a social engineering attack?
A) In the normal world, social engineering could mean anything from a government trying to convince you to believe and act a certain way to an advertiser attempting to modify your personal purchasing behaviour. If done right, social engineering can be very effective at behaviour modification. The same applies in the computer security world. Most people have now seen phishing e-mails, which attempt to separate us from our identities and subsequently our hard-earned cash. The attackers, all organized crime, have been surprisingly successful at this criminal form of social engineering and are now focusing more on individual companies. This often involves a targeted e-mail directed at persons within the company from what looks like a known and trusted entity on the outside. Many company web sites give away enough information to create the means for a viable social engineering attack. The latest one I've had to deal with involved a realistic e-mail from Revenue Canada with a link to what looked like a PDF attachment. The attachment was a downloadable Trojan designed to steal passwords - and it blew right through two layers of top-of-the-line name brand security defences because it was unknown to both vendors. Here is a great article on Wikipedia on the subject of social engineering attacks.