Purpose. Nowadays, one of the most important issues of information security for organizations is increasing number of successful social engineering attacks. Significant feature of such attacks is the complexity of related incidents investigation. Currently, there are methods for investigating information secure incidents, which occurs due to use by malefactors hardware-software vulnerabilities, however, there are no similar widely used tools if social engineering attacks incident happens. The aim of the work is to develop maximum likelihood estimation methods, which are directed to detect social engineering attack trajectories and information system compromised users. It facilitates the investigations of social engineering attacks. Methods. A probabilistic approach to assess the degree of user vulnerability to social engineering attacks, an organization information system graph model, which represents user profiles and relations between them, and, also, the critical user documents are used. The novelty of the