Introduction: Social engineering attacks can be divided into two types: direct (one-way) and multi-pass ones, passing through a chain of users. Normally, there are several propagation paths for a multi-pass social engineering attack between two users. Estimates of the probabilities of an attack to spread along different trajectories will differ. Purpose: Identification of the most critical (most probable) trajectory for a multi-pass social engineering attack between two users. Methods: Methods of searching, matching and algorithm analysis are used to identify the most critical trajectory of attack propagation. They apply the information about the intensity of the interaction between employees in companies based on data extracted from social networks. These algorithms are reduced, using a number of transformations of the original data, to the algorithms of finding the shortest path in a graph. The estimates of a multi-path social engineering attack success probability are calculated with the methods of constructing an estimate of a complex event probability. Results: We have proposed an approach to identifying the most critical trajectories, whose estimate of the attack success probability is the highest. In the simplest case, the problem can be reduced to finding a path in the graph with the maximum product of the weights of all the edges involved. The resource intensity of the algorithm when searching for the most critical trajectory on a complete graph with a large number of vertices can be reduced with a specially developed technique. A brief overview of the methods and algorithms providing automated search for the most critical propagation path of a social engineering attack showed that in a general case it can be reduced, with some transformations, to the problem of finding the most critical trajectory using the configuration of Dijkstra and Bellman — Ford algorithms. The chosen algorithm was adapted for the specified context, and an approach was proposed to thin out the graph when searching for the most critical trajectory. The presented methods and algorithms are implemented in software code. Numerical experiments were performed to verify the calculation results. Practical relevance: The developed software based on the method and algorithm proposed in this article complements the functionality of the previous versions of software prototypes for analyzing the protection of information system users against social engineering attacks. It allows you to take into account a wider range of factors affecting the assessment of social engineering attack success probability.