Digital security trainers often speak about phishing at their events. It is useful and relevant to the situation. However, phishing is just one example of a threat that uses the general set of methods known as social engineering.
Social engineering may have different targets (not even related to passwords/accounts). For example, bad guys can manipulate information to ruin relationships between people and influence the psychological climate in an NGO. I know at least one example where social engineering was used for the defamation of a civil activist. Once, some adversaries distributed wrong information about the starting date/time of an event to spoil working plans. I can easily imagine how social engineering could be used to motivate a person to do particular things which could lead to physical and legal risks.
When we explain phishing we commonly teach people how to spot particular suspicious details in particular messages. I think that (maybe) it is worth thinking of teaching people how not to be manipulated in general and how to avoid the risks that I mentioned in the previous paragraph.
Example: I made attempts to talk about so-called chain letters with our target audience and bumped into resistance and misunderstanding. "Why? How is it related to security? OK, I now understand it was a silly email that I reposted to my friends on Facebook, but it was innocent. No one lost any passwords, money or other valuables (well, maybe some time)." People didn't realize that they had become victims of social engineering - the system of methods used by phishers.
Anyone who shares this idea and wishes to work on the "Social engineering" theme for educational programs/materials, please feel free to add your comments. Perhaps you already know some great publications/presentations on that (aimed at our audience, of course).