To carry out such an attack the scammer would have to create a whole network of nodes that the victim would be connected to. The victim is then only connected to malicious nodes. The scammer can deliberately slow down the process of sharing transaction data with his victim. He can close the channel and steal the coins before this data is received by the victim. That's the idea anyway.
you dont even need to sybil a watchtower service for lite wallets
you just broadcast your close channel TX via mining pools API so that a mining pool has pre knowledge. they get your copy and build it into a block. and but you dont relay it to the general bitcoin network
this has been seen many times where a tx is in a block before being in the general network nodes mempools. thus nodes see the block but had no pre-knowledge of the tx.
its not difficult.. and much cheaper and easier than a sybil tx blinding attack