I would like to say I'm pretty savvy to scams, but this one caught me out at £1k.
I received a WhatsApp on my personal number asking me to pay the amount I still owed to the hotel to confirm the booking. The Booking.com advertisement said that payment would be taken by the hotel directly up until three days before arrival, so I was expecting some sort of contact from the hotel.
The WhatsApp sender had my my full name, the correct hotel details (including name, check-in and check-out dates, and amount paid), and the link provided contained the same details, reviews, and photos of the hotel. I paid via Apple Pay which is quite sophisticated for a scam. The first time it failed and so I tried again and I have been charged two lots of £501.
Both the hotel and Booking.com are being really helpful in trying to resolve it, and I've since raised it with my credit card provider. I know what some people may say in never clicking on links etc, but I routinely travel and hotels (especially apartment listings) often use WhatsApp now and send you links outside of Booking.com for deposit handling. Even Hilton Hotels does this.
I used a password manager which has a randomly generated password, so that rules out my password being breached.
Stay vigilant!