Social engineering means an external information security threat that includes exploiting human weaknesses by manipulating people into performing actions that benefit an attacker (Junger et al., 2017; Mitnick & Simon, 2002). Recently, it is a major security threat to organizations, and is often launched through email (phishing) or phone (phone fraud) (Fan et al., 2017). Perpetrators can attempt to establish interpersonal relationships with victims to create a feeling of commitment. Attempting to make a victim react to exclusive offers is believed to make a victim comply with a malicious request as people are in general more eager to buy something that is exclusive and offered for a short time of period (Cialdini, 2006).