Its no mystery that online social engineering is a major problem. From emails from friends stuck in the UK, to fake anti-virus, to fake bank texts, people are being barraged with threats convincing enough to suck in even alert consumers. Businesses are seeing systems overtaken and secrets lost by spear phishing emails with attachments and links. People dont know what to believe anymore. It would be easy for us to throw up our hands and blame the user for making poor choices, but pointing fingers at and abandoning the fight might not be the best strategy. In this talk Ill explore the size of the social engineering problem and communication methods of reputable organizations that make it difficult for people to differentiate the real from the scam. I will also go over how technology, process, and culture change can be used to help people avoid social engineering attacks. Finally, Ill explore the cutting edge of social engineering including automated target research, customization based on cultural attributes, and phone-based attacks.