Spoke to Michael for around an hour. Heard 2 other scammers in the background. They mentioned things like geeksquad, microsoft, and refund. I also heard the zoom inbound call tone.
I had no idea what the refund amount was supposed to be and played dumb about the email.
At my bank account, they told me to type my password and then not to log in. At this point they blocked the screen again, presumably to steal the password. It’s a fake password anyway but I deliberately skipped the last character.
Used a remote tool I haven’t seen yet. qhelp.cc, when it blocks the screen it’s blue with the text “Working on updates Do not turn off your system”
Mid-way through he called me from a different number (801) 226-0641. After an hour, I got bored and pretended to be my daughter and explained mom is old and we don’t let her mess with the real bank account and that this was a fake bank on a VPN.
He got really annoyed when I gave him his zip code and IP in my real voice, so that was fun
Time to go restore the VM to an earlier state, he had A LOT of time to mess with it.