Here's how it works. You might receive a phone call from a 
representative of your computer company claiming there is a problem 
which requires immediate attention. He may offer to come right over and 
fix it (or, n a variation, he might send you a disk in the mail). Of course, 
while he is there, he reboots your system with a "diagnostic" floppy 
inserted into the drive. When the "tests" are done you will be relieved to 
find out from him that nothing is wrong with your system. Naturally, you 
were just infected with a Trojan house which gives this stranger complete 
access to your system and all of your data files.

A more common social engineering scheme (especially on America 
Online) is to send out an email which says there is a problem with your 
account. Would you please send your username and password by return 
email so it can be fixed? Or perhaps you are asked to visit a web site, 
which naturally requires you to log in with your username and password. 
You might be asked to call a phone number, where the very official 
sounding person on the other end will just want to verify that your 
account is yours by getting your credit card data.