Most likely it’s an email hack. I have encountered some situations when a persons email account has been compromised and the hackers have read the emails and then crafted scams using the details from them. Gmail and Microsoft 365 are particularly vulnerable unless you use two factor authentication as both companies expect you to regularly log in an hackers create fake login pages. Everyone should be using complex passwords but more particularly two factor authentication wherever they can.
These days, for our guest house we have to have an online booking system. We use one provided by a 3rd party company rather than writing one ourselves.
The system hosts our own website and acts as a fully automated channel manager. That means it links to all the major booking agents online like booking.com, hotels.com, last minute etc etc. and provides all the listing information /pictures and real time price and availability information.
I have access to our data on our booking system and some access to booking.com information. For any bookings we get from booking.com the customers email address is replaced by one that routes the messages via booking.com (allowing them to vet what we say before passing the message to the customer). I dont know what source email address the customer sees if we send them a message and in the ARC article the reply address on the first message appears to be a no-reply one.
I can see how this scam could be started if someone got control of my PC or managed to log into my main channel manager (we do use two factor authentication for that). It's not clear from a quick read of the article if the scam is for one property at a time or many