Why do consumers respond to smishing messages despite knowing it exists? The Smishing Report 2022 dedicated an entire section to this paradox - revealing that the issue lies less in awareness, and more in behaviour under pressure.
The awareness gap
According to wider analysis, 95% of consumers could not reliably detect fraudulent SMS messages. This reflects what psychologists call overconfidence bias - people believe they can spot scams, yet fail to apply that confidence under stress.
The fraud moment
PORGiESOFT Security’s victim research and OSINT analysis revealed a pattern called the fraud moment - a short window between receiving a message and deciding to act. During that short interval, emotional response overrides rational thought.
The report identified three high-risk triggers:
- Financial anxiety – messages about refunds or fines.
- Social pressure – fake job or delivery updates.
- Authority bias – impersonations of government or banks.
In each case, the victim’s emotional state determines vulnerability, not their technical literacy.
Implications for awareness campaigns
Traditional “spot the scam” training assumes rational users. The data proves otherwise. That’s why PORGiESOFT Security’s post-2022 strategy shifted toward empathy-driven awareness. Through simulations, employees and citizens now experience realistic scam interactions - not just static checklists.
Building resilience
Behavioural change requires repetition, context and relevance. Monthly micro-learning updates, like those embedded in the Fraud OS Awareness Suite, ensure people adapt alongside evolving threats.
Key takeaway
Smishing is as much a psychological challenge as a technical one. To build real resilience, awareness must teach people to feel the manipulation - not just to memorise red flags.
