As information technology becomes increasingly common, the vigilance people have toward information security has also heightened gradually. Though there are physical devices for information security that can be relied on to strengthen protection within an enterprise in order to reduce threats to information security, the loopholes of information security are mostly caused by human negligence. Seeing that social engineering via the Internet is strongly threatening the information security of individuals, in this study, we analyze the possible reasons why individuals are seduced via social engineering, using the related factors of users’ self-efficacy in information security. The results of this study indicate that whether users are seduced via social engineering is substantially correlated to the risk they perceive in e-mails. Nowadays, as people from all fields have gradually put more emphasis on information security, in addition to helping users to understand all kinds of ways to enhance the security of information, organizational managers must also let end-users understand the risks in using e-mail, thereby securing information within their organizations.