It grows only when the puppet "nose" he's lying.
Several tech support scammers in scambait videos on YouTube claim not to be scamming. Has anybody considered applying the so-called "Hanlon's razor" to these guys? As Robert Heinlein wrote in the short story "Logic of Empire" (1941): "You have attributed conditions to villainy that simply result from stupidity."
I guess some of them actually believe that they're legitimate technicians diagnosing problems with a victim's PC, that the errors in Event Viewer are caused by malware or misconfiguration, that the
dir /s command "reminds" the installed real-time antivirus of a file's existence by accessing it, etc. They might have confused the meaning of a "stopped" service (not running at the moment) with one set to "manual" (actually disabled). The "Network Access Protection" is a way for a PC running Windows 7 or 8 to automatically skip captive portals on some corporate networks by running a system health monitoring app managed by the network administrator, but it's so obscure that it was taken out of Windows 10. And they're right about the "foreign address" in
netstat but for the wrong reason: Someone in another country is trying to break into the victim's PC, but that someone is the person on the other end of the line.
It might be fruitful to explore punchlines other than immediately hurling MC-bombs and other Hindi apamaan as soon as payment fails to clear. Mention other interpretations of their "diagnostic" results, using language such as "Are you sure this isn't..." or "Could those events be from..." I imagine it's like trying to help someone in a mind-controlling religious organization: sometimes you have to show a technician that his belief system isn't as grounded in truth as he thought it was.
Has this been tried? Or what am I missing?