Social engineering is regarded as a rather complicated dilemma in today’s society, and namely in organizations. It uses human behav ior rather than technical measures to exploiting systems and networks and namely things that are valuable to companies and users. However, personal, and sensitive data are certainly available online through so cial networks and online services that lack the protective and effective security measures to protect that information. This study implemented the quantitative method in collecting and analyzing data. A scientific survey has been conducted for the pur pose of gaining deeper insights on that is more vulnerable to catch the bait of phishing attacks in terms of the employee’s age, gender and education, and to finally learn if those users have the knowledge of being always targeted online, and or if they can be targeted and attacked through Social Engineering, in addition to their ability to differentiate between legitimate and phishing emails. The survey was distributed through social media platforms to 155 participants that include Employees and students considering their experience and ed ucational background. The research highlights the significant factors exploited throughout the phishing process, in addition to the susceptibility to social en gineering attacks based on their knowledge, and ability to mitigate them. Based on the findings of this study, The proportion of em ployees with different educational backgrounds, irrespective of their gender and age, possessed the knowledge on what an email scam is, is fairly significant which accounted over 50 % for all users. However, the majority of participants have less experience in dealing with email scams and identifying them. The research demonstrates that male participants become overly curious when finding a lost flash drive, and instantly plug in the flash drive to examine its contents. The results imply that over 52% of the participants don’t possess that knowledge on firewalls mitigating social engineering attacks, whereas only 17% believe that firewalls are effective security measures against them. Furthermore, the results have implications that despite the par ticipants significant knowledge on social engineering and email scams, a majority of them demonstrate that male users are significantly aware of the fact that the flash drive may very contain malicious contents that may damage their computers, and have their curiosity exploited to plug in lost flash drives to examine their content.