For an excellent scenario on social engineering, read the blog entry from today, 5-13-09, http://www.bankersonline.com/bankrobbery/.
This fellow had access to the building, user logon info for systems he now had access to, and he even set up office for several days
in a meeting room. He did everything but join the health plan.
Could this happen in your bank?
(For those not accessing the Private Security forum, I am cross-posting this in the Public area.