It’s not enough to teach your users not to click on unknown links or open attachments from untrusted senders. It’s also important to educate them about more devious attack methods such as fake WAPs, cookie theft, advanced file name tricks, and file location exploits.
Read about these and more in this InfoWorld article from Roger Grimes:
http://m.infoworld.com/d/security/7-sneak-attacks-used-todays-most-devious-hackers-227557?page=0,1