One of the most innovative aspects of the Smishing Report 2022 was its forensic linguistic framework - a system that treated text messages as structured data rather than random spam. By analysing grammar, tone, syntax, and response prompts, PORGiESOFT Security’s Threat Intelligence Function could uncover consistent behavioural patterns across threat actors. Language as an intelligence layer The research introduced nine smishing “classes”, each representing a distinct linguistic strategy. This classification showed that language choice directly correlated with sophistication across the global threat landscape. Simpler messages often targeted broad audiences (“Your package is waiting”), while complex multi-element messages targeted high-value individuals. The linguistic shift Between 2020 and 2022, the report observed a clear simplification in sentence structure and increase in conversational tone. Older scams used rigid, formal phrasing (“Kindly verify your account to avoid suspension”)

What is smishing? Smishing refers to SMS-phishing attacks where scam messages are sent via SMS. Instead of longer scams being delivered via emails, it’s scams being sent via text messages. Such messages usually contain a link and impersonate legitimate organisations. Threat actors use various manipulative techniques to convince and trick recipients of smishing messages. Fig 1 - Legacy smishing message Emerging tactics Smishing messages traditionally used to contain only links, but threat actors have adapted their tactics to include confusing linkless messages that use phone numbers or that ask for one word or letter replies without any URLs included initially. Some recent messages we’ve noticed have only contained one word - “Hi”, once the recipient engages with the threat actors by replying they then send further messages sometimes offering work opportunities or acknowledging a non-existent job application. End Game for Smishing Threat Actors The end goal for threat actors is to piqu