
On a night like any other, international student Youhoo had just finished her essay and was about to sleep. A text message from “Coles” popped up in her phone notification bar: “Your points have been accumulated and can be exchanged for goods.”
“I was still on guard at first,” Youhoo recalled, “but when I clicked on the link and saw ‘www.coles.au.com’ on the page, I really thought it was the official website.”
She exchanged her points for toothpaste, but within a few minutes, 500 Australian dollars were stolen. Only a fraction of the money in the account, which had been set aside to pay the rent, was left.
“Clicking the wrong link” – the tip of the iceberg of systemic fraud
This targeted fraud, which exploits platform loopholes, imitates official websites and bypasses payment verification, is a microcosm of Australia’s 2.03 billion Australian dollars in losses in 2024. According to Scamwatch’s annual report, more than 34 million Australian dollars were lost to trading scams, such as those that pair “precise text messages + fake official websites” to steal from bank cards.
Scammers disguise themselves as large brands, use fake domain names and seemingly legitimate behaviors to defraud users of personal information and verification codes, and complete bank card theft.
Youhoo’s story is not an isolated case. Her experience shows that, with the support of AI tools, digital scams are more realistic and sophisticated than ever before, exploiting users’ trust in the digital space.
“I want to erase this memory”
Youhoo is an international student who has just arrived in Sydney. Due to her busy studies, she has not applied for a supermarket points card.
“I have been pushed to similar text messages by big data. But I never clicked. I was too tired that day, so I thought to myself – ‘Maybe it will be useful’.”
This “professional-looking” web page is a key part of the fraud method. Psychologist Jie Yang pointed out: “Using credible design to achieve user trust in the brand will cause psychological blind spots.”
So, when Youhoo clicked on the logo link, everything looked so “normal” and “real”:
- The website address was consistent with the Coles official website;
- The product description was detailed;
- The customer service response was generated instantly using AI tools;
- The bank card password was not immediately asked for, but the payment process was completed through the “mobile phone verification code”.
“I really thought it was a product exchange, so when I entered the verification code, my money was swiped away before I could react,” Youhoo said. Beyond the loss of money, what weighed on Youhoo more was self-blame.
Ten minutes after being deceived, she couldn’t believe it was true. “It wasn’t until I searched the social media platform that I found out it was a scam.”
She contacted the bank to try to recover the loss, but because it was a link “clicked by the user on his own initiative”, the bank did not compensate her.
After that, she chose to work part-time to make up for the loss caused by this “dreamlike mistake”.
The emotional loss is difficult to quantify. Victims of online fraud often report feeling shame, anxiety, and distrust of cyberspace after being deceived.
What makes these scams so convincing?
Nowadays, the “illusion” created by scammers makes you think you are browsing real web pages, but in fact, you are being hunted. The key lies in two points:
- The fake domain name is cleverly designed: for example, “coles.au.com” is not the official domain name “coles.com.au”; only the order of the suffix is swapped, which is extremely difficult for ordinary users to detect.
- Simple payment mechanism: Fraudulent websites usually simulate payment interfaces and use the quick payment mechanism provided by mobile payment companies (such as no password, only a verification code) to complete the fraud without clearly showing the payment information.

Youhoo, who has the habit of making mobile payments in China, did not realize that just filling in the mobile phone verification code would cause the money in the bank card to be stolen.
Youhoo also pointed the finger at the platform and merchants.
“Coles knows about this kind of scam, and they posted a warning notice at the cash register. In this case, why not do more anti-fraud tips online? Why not cooperate with search engines to block those counterfeit websites?”
Fighting these digital scams is not easy. According to the 2024 Scam Target Report released by Scamwatch, most scam domains are hosted overseas, making them difficult to shut down quickly.
Australia’s current mobile payment system does have a loophole of “fast payment + high trust = low security”, which is exactly what the scammers are taking advantage of.
How to stay safe: Red flags to watch out for
Here are some tips from Scamwatch and the ACSC (Australian Cyber Security Centre):
- Check domain names: .au.com ≠ .com.au! Remember to check the order of the parts of the URL;
- Don’t click on SMS links, even if they come from a “familiar brand”;
- Turn on SMS alerts for transactions to spot anomalies immediately;
- Report and mark fraudulent websites to help regulators block phishing domain names;
- Pay with credit cards or platforms with buyer protection; avoid direct transfers or cryptocurrency.
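The first tip, checking the order of the domain parts, can be done mechanically, for instance in an SMS or mail filter. The Python sketch below is an added example, not code from Scamwatch, the ACSC or Coles; it assumes coles.com.au is the only official domain, and every sample link other than the coles.au.com address from the story is constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the brand's official domain and brand label.
OFFICIAL_DOMAINS = {"coles.com.au"}
BRAND_LABELS = {"coles"}


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return "unrelated"
    for official in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain. The leading dot matters: a plain
        # suffix test would accept any host that merely ends in the same letters.
        if host == official or host.endswith("." + official):
            return "official"
    # Brand name anywhere in the network location (host labels or the
    # "user@" part) while the real host is not official: treat as a lookalike.
    netloc = parts.netloc.lower()
    if any(brand in netloc for brand in BRAND_LABELS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://www.coles.com.au/",               # official
        "https://www.coles.au.com/points",         # swapped suffix, from the story
        "https://coles.com.au.rewards.example/x",  # constructed: official name as prefix
        "https://coles.com.au@login.example/",     # constructed: official name as userinfo
        "https://www.example.org/",                # constructed: unrelated site
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```

The comparison is made on the parsed hostname, never on the raw link text, which is why the prefix and userinfo variants do not pass as official.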
We need safer technology and a more trustworthy system.
Behind the fraud incident is a “default trust mode” of a digital security system, not individual “stupidity”.
In this era where every click may be a trap, we need not only prevention skills, but also institutional protection of the digital space. As scammers become more sophisticated, the responsibility for ensuring safety is increasingly shared by consumers, platforms and regulators.
Youhoo said: “I hope someone will not be deceived after seeing this story. If you have experienced something similar, please don’t blame yourself. This is not your fault alone.”
If you suspect you’ve been scammed, you can get help in the following ways:
- Submit a report: Scamwatch report page
- Learning support: Australian Cyber Security Centre learning platform
- Get legal support: Australian consumer rights guide