The collection and dissemination of information about people by businesses and governments is ubiquitous. One of the main threats to people's privacy comes from human carelessness with this information, yet little empirical research has studied behaviors associated with information carelessness and the ways that people exploit this vulnerability. The studies that have investigated this im-portant question have not been grounded in theory. In particular, the extant literature reveals little about social engineering threats and the reasons why people may or may not fall victim. Synthesizing theory from the marketing literature to explain consumer behavior, an empirical field study was conducted to see if factors that account for successful marketing campaigns may also account for successful social engineering attacks.