This is tricky stuff, even I could fall for this. So basically booking.com customers are emailed by a legit email address coming from real hotels. These email accounts are taken over by hackers who hacked the booking.com hotel platform via some infostealer. In these emails they tell customers that there went something wrong with the payment, so they redirect them to some fake website, where they steal money from the creditcard. The lesson is to always contact booking.com or the hotel directly to ask if there was indeed something wrong with the payment or not. https://hackread.com/booking-com-scam-target-guests-vidar-infostealer/
As seen in the link above... I bet it's not the only 'How To' guide being offered. Indeed it is a cut above the usual scams.
Yes, because you can't know that you're dealing with crooks. Although to me it's not clear how they steal money, do they redirect you to some fake website and record your creditcard information? Or do they redirect you to some real checkout system, like PayPal or iDeal? If it's the latter, there's not much that can be done, but browser security tools should be able to detect ''fake'' phishing websites.
