Due to the automated nature of the scam sites, end users and customers of organizations can be targeted swiftly. Phishing sites produced by the automated platform typically last only for a few days, and contain substantial sections that link back to an organization’s valid website; this makes rogue sites created by Classicscam difficult to detect and take down before funds are stolen.

The scam operates by convincing a user or employee that processing fees or delivery fees require the input of credit card information. Organizations should emphasize cyber security awareness training for both customers and employees that highlights typical features of such scams; in particular, at no point should a seller of an item or service be required to input their own credit card information for delivery or processing fees, especially for a bank or other financial service provider. Users should also be encouraged to only work with reputable platforms to which they navigate directly, and users should also be alert to any redirections to misspelled domains. Organizations should clearly communicate to users in regards to which appropriate communications channels and domains for their services should be trusted.

https://www.bleepingcomputer.com/news/security/how-hackers-are-stealing-credit-cards-from-classifieds-sites/

https://www.group-ib.com/media/classiscam-singapore-global-scam-operation/