Abstract:
Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information systems and have become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper are to: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal. © 2020 Elsevier Ltd
Source: Information Systems
ISSN: 0306-4379
Year: 2022
Volume: 104
3.7 (JCR@2022)
ESI Discipline: COMPUTER SCIENCE
ESI HC Threshold: 46
JCR Journal Grade: 2
CAS Journal Grade: 2
Cited Count:
SCOPUS Cited Count: 13
ESI Highly Cited Papers on the List: 0
30 Days PV: 4