The IRS did a test. They called 100 different employees and managers posing as IT technicians. They were asked to provide their computer login and change their password. 35 of them did so.
The fact that this happened is not surprising, it is the most common trick for hackers to use. Yes, their are tools and methods to get passwords without the user ever knowing by using technology. Programs and hardware sniffers can steal this information, but they are very hard to operate. It is always smart when entering data such as credit card information on a web page to make sure it is a secure connection.
But the number 1 way to get your information is through social engineering. This is a fancy name for getting people to tell you the information you need, as the IRS inspectors did. Most of the infamous hackers had the tools, but they always got their information from someone telling them, reading it off a piece of paper taped to the the desk or monitor, or in the garbage.
The lesson in this is to not give out your password to anyone!!! If someone calls asking for it, say you will call the help-desk back. Do not reply to the email you get from E-bay or your bank saying your account is going to be closed if you do not reply to this email in the next 3 days. This is called phishing and it is the newest phenomenon in social engineering.
Be smart and safe with your information and the internet is a great place to shop and learn. Fall for the scams and it can be a horrible experience.