Why do consumers respond to smishing messages despite knowing it exists? The Smishing Report 2022 dedicated an entire section to this paradox - revealing that the issue lies less in awareness, and more in behaviour under pressure. The awareness gap According to wider analysis, 95% of consumers could not reliably detect fraudulent SMS messages. This reflects what psychologists call overconfidence bias - people believe they can spot scams, yet fail to apply that confidence under stress. The fraud moment PORGiESOFT Security’s victim research and OSINT analysis revealed a pattern called the fraud moment - a short window between receiving a message and deciding to act. During that short interval, emotional response overrides rational thought. The report identified three high-risk triggers: Financial anxiety – messages about refunds or fines. Social pressure – fake job or delivery updates. Authority bias – impersonations of government or banks. In each case, the victim’s emotional state det

PORGiESOFT Security researched and provided a quantitative map of the UK smishing ecosystem, detailing how threat actors, infrastructure and victims intersect. What did we learn? 1. Attack infrastructure Nearly 99 percent of all messages were written in English, confirming that UK consumers remain a primary focus for global smishing campaigns. The study identified nine distinct classes of smishing messages, from Class A (URL only, 58 %) to Class M (multiple fraud data points, 8.2 %) and smaller reply-based classes (Y and Z) that asked users to text “Y”, “YES”, or “STOP”. Each class revealed a different operational intent - whether to capture clicks, phone calls or conversation engagement. On the organisational side, 13 impersonation levels were mapped. The top three were: Banks (Level B) – 39.4 % of attacks Parcel Delivery Companies (Level P) – 26.3 % Government Departments (Level G) – 16.3 % Together, these sectors accounted for over 80 percent of all UK smishing incidents analysed.

Explore the world of phishing scams and learn how to protect your personal data with effective strategies and insights.

“2LOD” stands for Second Line of Defence, a risk management concept widely used in financial services, government and enterprise. In fraud prevention, 2LOD tools refer to the technologies, analytics and frameworks that provide oversight, assurance, and monitoring over frontline operations. Understanding the Three Lines Model 1st Line: Business units that own and manage risks day-to-day. 2nd Line: Risk and compliance teams that monitor and challenge the first line. 3rd Line: Internal audit that provides independent assurance. 2LOD tools help the middle layer function effectively. They don’t stop fraud directly but ensure that detection, monitoring and governance are robust. Examples of 2LOD anti-fraud tools Fraud Control Models - Intelligence-driven framework for mapping and benchmarking anti-fraud maturity. Fraud Risk Dashboards - Visual analytics showing real-time exposure across departments. Policy Assurance Systems - Tools to verify that fraud procedures are being applied consisten

Authorised Push Payment (APP) fraud has emerged as one of the most damaging forms of financial crime in the UK. Unlike traditional scams, APP fraud relies on deception rather than hacking. Victims are persuaded to transfer money themselves - to a criminal account they believe is safe. How APP fraud works A typical case begins with a convincing impersonation: a phone call from “the bank’s fraud team”, an SMS alert, or even a WhatsApp message appearing to come from a family member. The victim is told their account has been compromised and that they must transfer funds “for protection”. Once the transfer occurs, the funds are often dispersed through a web of mule accounts within minutes. The emotional dimension Fraudsters no longer rely solely on technical skill. They exploit emotion - fear, trust, love, urgency - to manipulate and confuse victims. PORGiESOFT Security’s behavioural analysis shows that victims generally report “feeling pressured by authority” during the scam. Why detection

When PORGiESOFT Security first released the Smishing Report 2022, it was one of the first threat intelligence studies to classify smishing using both linguistic and organisational taxonomies. The findings revealed a sophisticated and fast-evolving threat landscape. At the time, 45 million UK adults (around 71% of the population) had received a smishing text. More than 3,000 attacks were analysed and classified into nine attack classes and thirteen levels, revealing how fraudsters weaponised SMS as a psychological and technical tool. The scale of the problem The report found that smishing was not random. It followed discernible trends and emotional triggers. The top three impersonated sectors were: Banks (Level B) - 39.4% of analysed messages Parcel Delivery Companies (Level P) - 26.3% Government Departments (Level G) - 16.3% Together, these categories represented over 80% of all smishing activity in the UK at the time. Since then, smishing has only grown more complex. Threat actors no