One of the most innovative aspects of the Smishing Report 2022 was its forensic linguistic framework - a system that treated text messages as structured data rather than random spam. By analysing grammar, tone, syntax, and response prompts, PORGiESOFT Security’s Threat Intelligence Function could uncover consistent behavioural patterns across threat actors.
Language as an intelligence layer
The research introduced nine smishing “classes”, each representing a distinct linguistic strategy. This classification showed that language choice directly correlated with sophistication across the global threat landscape. Simpler messages often targeted broad audiences (“Your package is waiting”), while complex multi-element messages targeted high-value individuals.
The linguistic shift
Between 2020 and 2022, the report observed a clear simplification in sentence structure and increase in conversational tone. Older scams used rigid, formal phrasing (“Kindly verify your account to avoid suspension”). Newer ones mimicked human texting habits (“Hey, your parcel is ready for delivery”).
By 2025, that pattern continues - now often written in first person or even emoji-accented text. Fraudsters learned that conversational familiarity lowers suspicion.
Emotional syntax
Analysis of thousands of smishing samples revealed the most common linguistic emotions:
- Urgency - “Your payment will be suspended unless…”
- Relief - “We’ve refunded your £2.99 fee.”
- Fear - “Your account has been compromised.”
- Curiosity - “Is this you in the photo?”
Each emotion corresponds to a predictable response curve. For instance, “relief” messages had higher click rates among previously scammed users.
Key takeaway
Every smishing message is a micro-script designed for emotional activation. Treating text as data - as PORGiESOFT Security pioneered in the Smishing Report 2022 - transforms how analysts understand and pre-empt fraud.
