Social engineering is a common method of manipulating people so they give up confidential information. Attack target is always the human.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
In order to obtain confidential information, it is very often the good faith and the helpfulness but also the uncertainty of a person exploited. From fake phone calls, to people pretending to be someone else, to phishing attacks, anything is possible.
Social networking sites have made social engineering attacks easier to conduct. Today's attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.