In an exploratory quasi-experimental study, 138 students recruited during a university orientation week were exposed to social engineering directives in the form of fake emails, or phishing, over several months in 2017. The study assessed the risks of cybercrime for students by observing their responses. Three types of scam emails were distributed that varied in the degree of individualisation: generic, tailored, and targeted or ‘spear’. The study explored the influence of scam type, cybercrime awareness, gender, IT competence and perceived internet safety on susceptibility to email scams.Although tailored and individually crafted email scams were more likely to induce engagement than generic scams, differences were not significant. Analysis of the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students.