Error 524 Decoy: Desenmascarando una Operación Global de Smishing Oculta Tras Páginas de Error

**Executive summary:** Group-IB documents an active, highly automated smishing/phishing campaign dubbed "Smishing Error524" that has deployed 4,389 phishing domains across 72 countries (concentrated in Mexico, Chile and Colombia) to impersonate brands in telecoms, finance and rewards programs; the operation uses Cloudflare error-page decoys, Base64‑encoded single-page apps, geo/user-agent gating and encrypted WebSocket exfiltration to harvest full PII and credit card data and then redirect victims to legitimate sites to reduce detection.