On December 6, 2023, Daniel Saunders saw a text from a familiar person on a familiar group chat, selling extra tickets to the Taylor Swift Eras Tour, coming to Sydney in February. Thinking of a Christmas gift for his girlfriend, he privately messaged this person.

The seller told Daniel it would be $600 for two tickets. So he happily sent him the $600 to the account details he was given. Then, he was told it would be $500 for the other two tickets. Daniel sent $500 to the same account, just before being told he needed to send it to a different account.

“Oh my God, I was being so silly,” Daniel said. “God, I hope that hasn’t complicated things.”The seller responded: “Um, yeah, well it has. I needed it in this account.”

He didn’t send the original $500 back, so Daniel was left to send yet another $500 to this other account.“In the hours after that, he then messaged me and [said], ‘Okay, I’m gonna change the names displayed on the tickets, but to do that it’s $400’. And then it dawned on me. Like third time, or fourth time, it finally dawned on me.”In just 40 minutes on a Saturday afternoon, he had paid someone $1,600 before he realised it was all a scam.

“It’s terrible, talking about it. Because… I feel like such an idiot”

“The guy [the owner of the account] messaged me the day after and said, ‘oh my God, my account was hacked. I’m so sorry.’”

At the time he was 21-years-old, studying to finish his undergraduate degree in Health Science and applying to start a Doctor of Physiology. He was President of the Sydney University Musical Society choir, and was organising their 63rd annual Christmas concert happening that very same night. He had been buying the tickets while sitting in the car, just before driving to his girlfriend’s house to meet her before the concert. The plan was to surprise her with those tickets as a Christmas gift.

“That was the busiest I’d ever felt.” And unfortunately for him, that was exactly the moment when this fake ticket scam, via a hacked Facebook account, reached him.

Fraud happens more often, to more people around us, here in New South Wales than we think. And often more than they would like to share.

By mapping out the data that shows an average number of recorded fraud incidents in NSW, we are able to see clearly where the densest numbers of reported fraud cases have been.

First is the Local Government Area (LGA) of Blacktown, which covers 54 suburbs spanning from Prospect to Marsden Park. This includes Tallawong (the end of the northern Sydney Metro line), Blacktown, Quaker’s Hill, Eastern Creek, Seven Hills, and Schofields to name a few. According to the Blacktown City Council website, they are the largest city by population in NSW.

Second is the Sydney LGA, which includes suburbs from Dawes Point and The Rocks to St Peters and Rosebery, and the entire Sydney CBD, Camperdown, Darlington, Newtown and Moore Park. This LGA includes the offices of many major Sydney businesses and several major Australia tertiary institutions such as USYD, UNSW, UTS, and TAFE campuses.

The criminal category of ‘fraud’ is broad. According to a publication from the Bureau of Crime Statistics and Research (BOCSAR), some subdivisions of fraud can be deception offences, fail to pay, embezzlement, and computer crime among others.

Scams are a type of ‘personal fraud’. In this data from the The Australian Bureau of Statistics, they list some types of scams such as phishing, computer support, financial advice, upfront payment, buying or selling, relationship or romance scams, and threats or extortion.

Who gets targeted?

Getting scammed is not reserved exclusively for old people who’ve never used a computer, who click on a dodgy-looking advertisement pop-up.

“It just depends on the particular type of of crime being perpetrated.”

Dr Carolyn McKay is a senior research fellow at the University of Sydney Law School, who devised and teaches the “Digital Criminology: Technologies in Crime” unit of study. She also teaches Criminal Law and Criminal Procedure.

“For example there’s crimes in relation to cryptocurrency. That will be targeting a certain demographic, which is quite possibly younger people,” she said.

Big businesses, law firms and law practitioners can often be targets as well, in a larger-scaled case. Ransomware kits, which are “apparently routinely sold on the dark web”, can be used to take hold of a company’s entire system and prevent the employees’ access unless that business or law firm can pay the ransom.

And romance scams, a more emotionally manipulative kind of scam, targets people who are more socially isolated, alienated or lonely. And older people especially since they often have more in savings. “So they might be, you know, ‘better targets’, if you’re going to be a criminal.

Who could be behind this?

According to Dr McKay, a fraudster or scammer could be anyone, from individuals to organised crime, from large international groups to actual countries.

“There are allegations that there are state actors (…), actual sovereign states, committing some of these crimes.”

A type of exploitative scam such as blackmailing, using something like the sharing of intimate images, is something more likely to occur on an ‘individual’ scale, according to Dr McKay.

“It can undermine their business, and clients will be going, ‘yeah, I don’t want to deal with you anymore.’”

The impacts

When asked about what the ‘worst’ type of fraud or scam was, Dr McKay realised she could not give an answer.

“I don’t know that I can necessarily provide you with a hierarchy of the absolute worst.”

Physical impact, emotional, psychological, quantum of money lost, impact on family – these are all factors that the law may use to determine a criminal’s sentence, which could suggest that there is some way to measure a ‘worst’ type of fraud or scam, but the matter is too subjective to say for certain.

“The impacts of victimisation are real.”

“It’s a matter of record that people have ended up taking their own lives. Because they’re so traumatised by this situation.”

Last year, in New South Wales alone, the Australian Bureau of Statistics (ABS) recorded 8869 cases of fraud, deceptions, and scams. That is almost as many people getting scammed as there are staff at the University of Sydney, in one year, in one state.

According to the ABS, in the past 15 years, the number of recorded fraud offences peaked in the year of 2014-15.

This coincides with the information in this BOCSAR report from March 2014, which states that:

How it feels

“Literally all the signs were there. I just didn’t clock it, for some reason.”

Daniel Saunders has kept his story hidden away for months, and it’s a secret he’s held close ever since. “I put on a brave face, and just forgot about it, to be honest.”

“I haven’t told anyone else. Oh my God. Like, not even my family. Not like, not my therapist…”

His girlfriend, who he had been hoping to buy those Taylor Swift tickets for, is the only other person who knows.

“Because it’s that embarrassing. Because I don’t want people to know, to think I’m an idiot.”

The day after it all went down, Daniel attended a Christmas party, where they played a game called ‘Paranoia’. To play, the participants sit in a circle, and each person takes turns asking the next person in the circle a secret question, and they have to say their response aloud for the group to hear. The question must always be about the people in the group, so that the responder names someone present. A coin gets flipped to determine whether the question will be revealed to the group or not, and if it doesn’t get revealed, the person who has been named will simply never know what it was they were named for. Hence the name ‘paranoia’.

In a game like Paranoia, one asks questions such as, “who would be the last person you would save in a fire?”, and “who here is the most likely to secretly be a ninja?”

At this game that Daniel played, someone asked, “who is most likely to fall for a scam?”

The person who was asked didn’t pick Daniel. But it hit him hard.

“People talk about being scammed as if it’s like, ‘only stupid people would do that.’ That’s the reason why it gets brought up in a game like Paranoia. It’s sort of played up.”

But is it possible we are giving ourselves too much credit for being ‘above’ the innovations and the tactics of scammers today?

“When you least expect it, when you’re vulnerable, when you’ve got a lot of shit going on. That’s when they get you.”

“And I felt the guilt as well,” he said. He knew that not everyone could even afford to spend $1,600 so quickly on concert tickets. He felt guilty having been so carefree about it, about not taking time to think about what he was about to spend.

When Daniel found out how many other people had responded to me telling me they’d also been scammed, he immediately let out a sigh. “Oh thank God.” He realised he wasn’t alone.

What can we do?

Frauds and scams can victimise anyone, from the young to the old, from the intelligent and digitally literate, to the lonely and the isolated.

“This is becoming such a huge problem, you know, just massive problem. With the number of hacks and data breaches and scams and everything, it is just getting bigger and bigger and bigger,” Dr Carolyn McKay said.

So what can we do?

Education is a key

Dr McKay says that here in Australia, education for digital literacy and internet safety is certainly available. For example, the Australian eSafety Commissioner runs educational programs and provides information about topics such as catfishing, identity theft, and provides places to report experiences of scamming or fraud.

“It is interesting how a lot of people, even in an affluent country such as Australia, they do lack digital literacy.”

Dr McKay has observed, even in the highly-educated people she has worked with in her field of Law and Digital Criminology, that they sometimes don’t understand what it is to interact online, and how everything such as emails and messages that come onto your personal device can make us all vulnerable.

“Just don’t believe anything much that you read, because so much of it is either rubbish, or criminal and trying to lure you in.”

Daniel Saunders would certainly agree that we should be more cautious.

“People think that they’re immune to that sort of thing. But it’s not until you actually experience it that you realize: Yeah. Oh my God. This could happen. This could happen just like that.”

Another way to find more safety could be to bolster the regulation, the policing and enforcement on the internet. Though she was more hesitant to suggest this one.

Creating greater limits to what we can access on the internet ends up being a huge amount of censorship. “I don’t know that that’s a great idea.”

“The whole online policing space is so difficult because we know that this is a global phenomenon. They’ve got to find ways to collaborate with people like Interpol.”

“Whatever the police might do they’re almost always a couple of steps behind…”

Dr McKay acknowledged the difficulty that police have with keeping up with the ever-evolving nature of frauds and scams, especially online. “The criminals in this space…they’re great innovators.” She also acknowledged that A.I. is massively changing this area.

So in terms of a ‘solution’, although she notes that she isn’t sure, she would suggest education, making further security for our devices more affordable, and perhaps greater international collaboration between governments and law enforcement.