Some white hat security professionals used USB drives to circumvent security at a credit union they were assessing. Basically, they installed trojans on the drives and left them where the employees would find them (parking lot, smoking areas, etc.). Then they sat back and waited for the employees to find them, take them into work, plug them in, and run the trojan files while they explored their newfound toys' contents. Brilliant.
Excerpt:
After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management.
Of all the social engineering efforts we have performed over the years, I always had to worry about being caught, getting detained by the police, or not getting anything of value. The USB route is really the way to go. With the exception of possibly getting caught when seeding the facility, my chances of having a problem are reduced significantly.
Read the full article.