Yes. With social engineering, I think the thing they're usually taking advantage of is time. How quickly...? You're busy, so they want to catch you off guard and get you to click on something. In social engineering, I'm really talking about them trying to convince you they're somebody they're not, so that you reveal a password, a critical piece of information, or something they need to be able to get into your systems.
One of the key things we always say is that just because somebody has called you and seems to know something, don't trust it. Ask a question or, for example, say what we always say in the banking context, which is that you'll call them back. You say, “Give me a file number and I will look on the back of my credit card and I will call you with the file number.” Then I know that at least I've called the right place. That's a simple step, but it's things like that.... Unfortunately, approaching everything with a little bit of suspicion is one of those things that's necessary in the cybersecurity context now.