Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
ID: b37e7662-2da4-51dc-b883-3bcda9f5f5b0
STIX ID: report--b37e7662-2da4-51dc-b883-3bcda9f5f5b0
Feed Name: Group-IB Blog
Group-IB documents a sophisticated, large-scale smishing/phishing campaign ("Smishing Error524") active since H2 2025 that impersonates 260+ brands across 72 countries—primarily targeting LATAM—and uses thousands of short-lived domains, Base64-encoded Single Page Applications, Cloudflare-styled decoy error pages (e.g., Error 524), geofencing/mobile-user filters, and encrypted WebSocket channels to exfiltrate personal data and full credit card credentials in real time.
