Having worked for a Defense Contractor and been forced to go through social engineering training in the past, the idea of gathering information like this is very real and happens everyday. Hopefully this makes people think twice before exposing certain personal information online for all to see.
Was the class actually worthwhile, or was it just CYA? Some sort of taxonomy/formalisms for thinking about social engineering would be cool. I have no structured mental model now.
It's probably more like social engineering defense training. The usual scenario being: You're at a conference and a hooker type shows up at your hotel room out of the blue, do you a) invite them in and have a good time, especially leaving your laptop/files/etc alone with them while you sleep/clean up/get some liquor, b) not do that.
I would say it was more of a prevention/education type of course that all employees possessing some level of government clearance were required to take. Essentially different real-life scenarios were presented to demonstrate the extent foreign governments will go to gain classified information.
An easy example I remember being presented was a case where a foreign government may find out about a defense contractor conference and will send someone to nearby hotels to just sit around at the lounge bar and simply strike up conversations with those around. Needless to say, most people with a few drinks in them and a friendly person to talk to will be fairly candid with who they are, where they work, where they live, what they do, etc, etc, etc. All of this information would then be compiled into a folder on an individual and once enough data is collected it could potentially be used to blackmail or maybe even counterfeit someone's identity to steal government secrets.
To me, the main goal of the training was to demonstrate how easily another person or government could gather extensive personal information on an individual and potentially use it to gain access to government secrets. Teaches you to take extra care with the information you share publicly.
Everything you said is true, but remember almost no one will go to lengths unless they think you have something worth it. As a Defense Contractor you likely had access to such things, hence the training. Most people just have their personal possessions, and robbing a house is often relatively easy without going to lengths for social engineering.
