This is a whitepaper published by MS (download here). From the download page:
Gain valuable information about the concepts of social engineering within the IT security workspace. In section one, the guide provides a working definition of social engineering that can be used within a company's security policies and is meaningful to non-IT security staff. The guide describes the aims and objectives of an attacker and shows how social engineering, like hacking, is a threat to all businesses, not just enterprise or government institutions. The guide will also cover: