Forum Discussion
I'd look up how they cover social engineering in IT security courses.
One thing that would mention is this training should teach a mindset and skill set. Attacks rarely come from just one source. They can be very good and convincing. I worked for a government agency a few years ago where we were faced with an attack that captured the verisimilitude of a government email, just the right amount of boring and acronyms to lower peoples guard and get them to sign into a fake site that would harvest their access.
As a start you might look into the educational content to help security certification's like the CompTIA secuirty+
https://www.youtube.com/watch?v=xrdYV7bXQVc
https://www.youtube.com/watch?v=irtZYnkcFbc
https://www.youtube.com/watch?v=XxINeDjfJ-c