Social Engineering is the science of using social interaction to influence others on taking computer-related actions of attacker’s interest. It is used to steal credentials, money, or people’s identities. After being left unchecked for a long time, social engineering is raising increasing concerns. Despite its social nature, state-of-the-art defense systems mainly focus on engineering factors. They detect technical features specific to the medium employed in the attack (e.g., phishing emails), or they train final users on detecting them. However, the crucial aspects of social engineering are humans, their vulnerabilities, and how attackers leverage them, gaining victims’ compliance. Recent solutions involved victims’ explicit perception and judgment in technical defenses (Humans-as-a-Security-Sensor paradigm). However, humans also communicate implicitly: gaze, heart rate, sweating, body posture, and voice prosody are physiological and behavioral cues that implicitly disclose humans’ cognitive and emotional state. In literature, expert social engineers reported monitoring such cues from the victims continuously to adapt their strategy (e.g., in face-to-face attacks); also, they stressed the importance of controlling them to avoid revealing the attacker’s malicious intentions. This thesis studies how to leverage such behavioral and physiological cues to defend against social engineering. Moreover, it researches humanoid social robots - more precisely the iCub and Furhat robotic platforms - as novel agents in the cybersecurity field. Humans’ trust in robots and their role are still debated: attackers could hijack and control them to perform face-to-face attacks from a safe distance. However, this thesis speculates robots could be helpers, everyday companions able to warn users against social engineering attacks, better than traditional notification vectors could do. Finally, this thesis explores leveraging game-based entertaining human-robot interactions to collect more realistic, less biased data. For this ...