Social engineering is one of the attacks that are the most difficult to prevent in recent years. It takes advantage of people’s vulnerability such as the curiosity or the lack of alert awareness to perform fraud or phishing. It gets the profits from the victim, such as the personal information, account, password, and money through phone call, Email, and fake identity. With case study method, the study explores the preference of clicking mail types, difference of clicking time, clicking trend and top three clicking items of the government/education/telecom/finance/logistics institutions in Email social engineering, so as to conduct behavioral analysis. The top three among the 12 categories of social engineering mails classified by the study are: health (16%), science and technology(14%), and news(13%). It indicates that the citizens value the information related to health. The clicking mode ranks are: open letter (74%), open the attached file (19%), and click URL (7%).The clicking rate ranks of the institutions are: logistics(221%), finance(218%), telecom(83%), education(30%), and government(2%).