Group-IB researchers have uncovered a large-scale SMS phishing operation known as Error524 that targeted users across 72 countries. Scammers impersonated well-known companies and redirected victims to fake websites designed to steal personal and banking information.
Experts at Group-IB have uncovered a large-scale international smishing operation known as Error524, targeting users across dozens of countries worldwide.
Smishing is a type of phishing attack in which criminals use SMS messages to redirect victims to fake websites and steal personal information or money.
According to researchers, the scammers sent messages on behalf of well-known brands, banks, telecom operators, delivery services, and loyalty programs. The SMS messages encouraged users to:
- claim a bonus;
- confirm a delivery;
- redeem loyalty points before they expired;
- complete a data verification process.
After clicking the link, victims were redirected to fraudulent websites designed to resemble legitimate company websites.
One of the campaign's key features was a visitor-filtering system. The phishing pages were not accessible to everyone. If the site was visited by cybersecurity researchers, users from non-targeted countries, or visitors using unsuitable devices, a fake Cloudflare error page — most commonly Error 524 — was displayed. This helped the attackers conceal their infrastructure from detection.
On the phishing websites, victims were first asked to provide a national identification number. They were then shown a supposedly personalized offer from a well-known brand.
Users were subsequently prompted to enter:
- full name;
- residential address;
- email address;
- phone number;
- bank card details;
- card expiration date;
- CVV code.
According to Group-IB, the campaign's infrastructure involved:
- 72 countries;
- 260 brands;
- 4,389 phishing domains.
Researchers note that cybercriminals continue to rely on social engineering tactics, disguising fraudulent resources as websites of trusted companies and services.
SecurityLab, based on research by Group-IB.