Multistep social engineering attacks (that involve a chain of users) are a serious threat to an organization’s information security. Usually such attacks require an integrated approach to reduce the probability of their success. This approach can be analysis of the social graph with modeling of scenarios for the spread of multistep social engineering attacks, highlighting the most critical among them, the development of ways to reduce criticality and directly implement the most effective measures. The goal of this work was to improve the approach to modeling multistep social engineering attack by including the factor of accidents in the model of a malefactor’s actions. The novelty of the research lies in the proposal of the new approach to the analysis of multistep social engineering attacks, taking into account the factor of accidents of the malefactor’s actions. The theoretical significance of the work is to create a foundation for further modeling and analysis of multistep social engineering attacks. The practical significance of the study lies in the formation of a tool for a comprehensive analysis of the organization to identify the most critical scenarios for the development of social engineering attacks.