you know the computer thing is it plugged in?
Plugging in ethernet can absolutely be a risk.
If you tell your client to plug in ethernet before you have confirmed they're running windows XP, you just ruined their PC.
There's a reason experts hail the air gap as one of the best lines of defense against intrusion.
I doubt the people they're referring to are running windows xp.
Also, iirc the windows xp thing only works without a router.
Back in the XP days, PCs were often jacked directly into the internet. Remember having to add a 3rd party firewall like Zone Alarm? :)
I was installing cable internet at the time, my customers out there straight raw dogging the internet.
The USB dongle is a legit concern. Never plug anything into your computer if you don't know where it came from.
Dropping compromised flash drives in places like parking garages is 100% a used tactic. It's been used to gain access to government systems before.
Tried the test at my last job, one week after my security talk. LOL, it took two days until someone picked it up off the floor and set it on the printer table. Surprised it didn't come with a note, "Get bent Shalafi! We're onto your games!"