The transactions are for the same amount, going to and from the same addresses. One is valid, one is not, so the network accepted one, but not the other. That's how it's supposed to work, right?
The attackers are hoping that some people will look at the transaction ID to confirm a payment was made, rather than looking at the final balance. It is not a 51% attack, but unsuspecting users can still be tricked.