Social　engineering　has　been　increasingly　used　during　the　past　few　years.　Social　engineering　attacks　have　resulted　in　great　financial　losses.　Research　on　social　engineering　models　and　frameworks　is　still　in　its　elementary　stage.　An　appropriate　social　engineering　framework　can　interpret　all　the　attack　components　and　their　relationships　clearly,　which　will　contribute　to　the　defense　of　social　engineering　attacks.　In　this　tutorial　paper,　existing　social　engineering　models　and　frameworks　are　summarized　and　a　new　social　engineering　framework　is　proposed　involving　the　concept　of　the　session　and　dialogue.　An　entire　social　engineering　attack　is　defined　as　a　social　engineering　session　(SES).　A　social　engineering　dialogue　(SED)　refers　to　a　specific　attack　phase,　which　is　included　in　a　SES.　A　SES　contains　several　well-organized　SEDs.　Then,　the　attack　graph　is　used　to　formalize　the　proposed　social　engineering　framework.　The　SED　is　treated　as　an　atomic　attack　during　the　whole　SES.　The　human　weaknesses　that　an　attacker　can　exploit　are　described　as　vulnerabilities,　the　information,　and　trust　that　an　attacker　owns　as　permissions.　Finally,　three　real-world　social　engineering　cases　are　analyzed　using　the　proposed　framework　and　attack　graph.　The　analyses　illustrate　the　usability　of　the　proposed　framework　and　provide　a　better　understanding　of　various　social　engineering　attacks.