Abstract:
Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time-consuming and labour-intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically 'attack' each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. We applied the case study method and performed semi-structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks.
Source:
IET INFORMATION SECURITY
ISSN: 1751-8709
Year: 2023
Issue: 4
Volume: 17
Page: 703-726
1.400 (JCR@2022)
ESI Discipline: COMPUTER SCIENCE
ESI HC Threshold: 19
WoS CC Cited Count: 1
SCOPUS Cited Count: 2
ESI Highly Cited Papers on the List: 0