System　security　analysis　has　been　focusing　on　technology-based　attacks,　while　paying　less　attention　on　social　perspectives.　As　a　result,　social　engineering　are　becoming　more　and　more　serious　threats　to　socio-technical　systems,　in　which　human　plays　important　roles.　However,　due　to　the　interdisciplinary　nature　of　social　engineering,　there　is　a　lack　of　consensus　on　its　definition,　hindering　the　further　development　of　this　research　field.　In　this　paper,　we　propose　a　comprehensive　and　fundamental　ontology　of　social　engineering,　with　the　purpose　of　prompting　the　fast　development　of　this　field.　In　particular,　we　first　review　and　compare　existing　social　engineering　taxonomies　in　order　to　summarize　the　core　concepts　and　boundaries　of　social　engineering,　as　well　as　identify　corresponding　research　challenges.　We　then　define　a　comprehensive　social　engineering　ontology,　which　is　embedded　with　extensive　knowledge　from　psychology　and　sociology,　providing　a　full　picture　of　social　engineering.　The　ontology　is　built　on　top　of　existing　security　ontologies　in　order　to　align　social　engineering　analysis　with　typical　security　analysis　as　much　as　possible.　By　formalizing　such　ontology　using　Description　Logic,　we　provide　unambiguous　definitions　for　core　concepts　of　social　engineering,　serving　as　a　fundamental　terminology　to　facilitate　research　within　this　field.　Finally,　our　ontology　is　evaluated　based　on　a　collection　of　existing　social　engineering　attacks,　the　results　of　which　indicate　good　expressiveness　of　our　ontology.