The issue stems from one simple fact. Most hotels use e-mail and fax (yes FAX!) to confirm their bookings from the booking engines. All a scammer needs to do is intercept that confirmation e-mail or fax and voila they have all the details they need to extract the cash from you. (easy enough considering how secure most hotels reception areas are)
They can even sign up to the various bedbanks and input the hotel details and make themselves the main contact for bookings (there is little in the way of confirmation checks done to make sure you are authorised to enter the information). They will simply forward all bookings to the hotel at the rate specified, get a kickback from the hotel, then rip off the customers a few weeks after they have collected all the details they need. If they time the withdrawing of funds with the persons trip most people will simply put it down to being ripped off by those "orrible forins" as well.