Well, I would like to try to understand it in a more practical way, as follows: I am a miner, or whoever, and I want to try to scam someone with a transaction that is confirmed once. How could I do it? Does what I am saying make sense?
Sorry, edited my post a bit to reflect what I am talking about.
My scenario describes a process where it can happen naturally (i.e. occurs with non-malicious intent). It has happened at least once:
https://medium.com/deribitofficial/was-there-a-bitcoin-double-spend-on-jan-20-2021-45bdbd178c58
Note that your number of confirmations is from the perspective of whichever chain you're looking at. Hence, with malicious intent, this is what an adversary would do given that he owns a significant portion of the hashrate.
1) You send a transaction to Person A, and the transaction is included in block 883, hence both of you see 1 confirmation.
2) As a miner, you can build an alternate chain on top of Block 882 which does not include that transaction and includes another transaction which sends the coins back to yourself. In that alternate chain, you try to find a valid hash of block 883 and a block 884, while including the malicious transaction in your block 883 and mining another block on top of that. If you can do so, you can propagate that chain and the network accepts your alternate chain because it is the longest chain.
3) Because your new longest chain does not contain the transaction that you sent originally but contains the new transaction in which you spent the same inputs back to yourself, the original transaction becomes invalid, the rest of the network mines on your new chain, and you've successfully reversed a 1-conf transaction.
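For a recipient deciding how long to wait, the reorg risk described in this thread can be put into numbers. The following is an added example, not part of either post: it uses the catch-up model from section 11 of the Bitcoin whitepaper, where `q` is the adversary's share of the hashrate and `z` is the number of confirmations the recipient has seen. The function names and the sample shares are assumptions made for the illustration.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Chance that a miner holding share q of the hashrate ever catches up
    with the honest chain from z blocks behind (whitepaper, section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # with half the hashrate or more, a reorg always succeeds eventually
    lam = z * q / p                 # expected attacker progress while z honest blocks arrive
    poisson = math.exp(-lam)        # Poisson(k=0; lam), updated iteratively below
    total = 1.0
    for k in range(z + 1):
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)
    return max(total, 0.0)

def confirmations_needed(q: float, max_risk: float, limit: int = 1000):
    """Smallest z whose reversal probability is below max_risk, or None
    if no such z exists within the search limit (e.g. q >= 0.5)."""
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None

if __name__ == "__main__":
    # Constructed sample hashrate shares, for illustration only.
    for q in (0.05, 0.10, 0.30):
        risk_1conf = catch_up_probability(q, 1)
        wait = confirmations_needed(q, 0.001)
        print(f"q={q:.2f}  P(reverse 1 conf)={risk_1conf:.4f}  "
              f"confirmations for <0.1% risk: {wait}")
```

With a 10% share, a single confirmation still leaves roughly a one-in-five chance of reversal under this model, which is why recipients of larger payments wait for more blocks.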