
A Study of the Relationship between Information Security Incidents and Information Security Awareness: The Case of Social Engineering

The Study of the Relation of Information Security Events and Information Security Awareness - A Case of Social Engineering

Advisor: 劉士豪

Abstract


As information technology becomes more widely used and information security risks keep materializing, information security awareness and the prevention of security incidents have become issues that enterprises and organizations take very seriously. The literature review shows that the problem of social engineering e-mail is growing more serious, yet research specifically on social engineering e-mail remains scarce. Such e-mail is hard to guard against: many victims of social engineering e-mail attacks do not even notice that they have been attacked, and even people with an information security background have fallen for such attacks. The purpose of this study is therefore to examine why individuals who possess information security awareness still fall victim to social engineering e-mail attacks, which types of information security awareness are most effective in preventing such attacks, and which factors can reduce their success rate.

This study selected 216 internal staff of Agency A of the Executive Yuan and 33 students of the in-service master's program in Information Management at University B as the subjects of a social engineering e-mail test. The researcher tested the staff of Agency A and the students of University B using both his own e-mail account and virtual (fictitious) accounts, then randomly sampled staff of Agency A and students of University B to complete an information security awareness assessment questionnaire, and conducted face-to-face interviews with the respondents whose weighted questionnaire scores were lowest (bottom third) and highest (top third). Finally, a descriptive analysis and an exploratory study were carried out on the collected data and interview material.

The findings of this study are as follows:
1. Most respondents who had relatively high information security awareness but still clicked on the social engineering test e-mail did so because of insufficient security vigilance.
2. Most respondents considered awareness in the areas of "social engineering", "security incidents and prevention" and "basic security concepts" the most effective in preventing social engineering e-mail attacks.
3. Most respondents considered "security vigilance", "good usage habits" and "security training" the important factors in reducing the success of social engineering attacks.
4. Information security awareness raised through security training is positively related to preventing successful social engineering e-mail attacks.
5. The level of information security awareness is positively related to the ability to judge whether an e-mail is safe.
6. The level of information security awareness is positively related to the degree of understanding of social engineering e-mail.
7. The level of information security awareness has no significant relationship with whether a person reads e-mail of unknown origin or opens its attachments; what matters instead is "security vigilance" and "good usage habits".
8. Most respondents who clicked on the social engineering test e-mail said they did so because they knew the sender, which shows that people are less guarded toward acquaintances, relatives and friends; this is a key point that information security management departments and managers must pay attention to and educate about.

English Abstract


With the wider application of information technology, and with information security breaches continuing to occur on a regular basis, information security awareness and the active prevention of information security incidents have received increased attention in most enterprises and organizations. The literature shows that social engineering e-mails have increasingly become an issue in recent years; however, research on the impact of social engineering e-mails has not increased accordingly. Existing computer security systems seem unable to guard against social engineering e-mails; many e-mail messages carry social engineering attacks, and even people who have previously been victims have failed to detect a later attack, even when they have an information security background. The purpose of this study is to find out the reasons for successful attacks on individuals who have information security awareness, the types of information security awareness that are most effective in preventing social engineering e-mail attacks, and the factors that can reduce the number of successful attacks. In this study, 216 internal staff of Executive Yuan Agency A and 33 Information Management postgraduate students of University B were selected as the sample group. The researcher first created a number of virtual e-mail accounts. He then sent e-mails to each member of the sample group, both from his own account and from the virtual accounts, and invited the group to complete an assessment questionnaire on information security awareness. The results were then assessed, and the respondents in the top third and bottom third of the sample group (by weighted score) were interviewed face to face.
The interviews deepened the understanding of the sample group's attitudes toward information security; combined with the questionnaire results, they provided the basis for the exploratory study and narrative analysis, which led to the following conclusions:
1. Most respondents with high security awareness who clicked on the e-mail in the social engineering test did so because of a lack of security vigilance.
2. The majority of respondents believed that awareness of "social engineering", "information security events and prevention" and "basic concepts of information security" is the most effective means of preventing social engineering e-mail attacks.
3. The majority of respondents also believed that "security vigilance", "good habits" and "information security training" are the major factors in reducing the success of social engineering e-mail attacks.
4. Increased security awareness has a positive impact on the prevention of successful attacks through social engineering e-mails.
5. Information security awareness has a strong positive impact on the ability to judge the safety of an e-mail.
6. The extent of understanding of social engineering e-mail has a positive relationship with the level of information security awareness.
7. There is no significant relationship between the level of information security awareness and browsing or opening unsolicited e-mail attachments; instead, "security vigilance" and "good habits" are the decisive factors for e-mail attachments.
8. Most respondents clicked on the social engineering test message because they were familiar with the sender. This shows that most people are less aware of the risk of attack when e-mails come from, or appear to come from, relatives and friends.
These conclusions are what information security management departments and managers should address, and pay attention to, in order to reduce the success of attacks by social engineering e-mail.

