In addition to the tips already mentioned, I always use a keylogger. It’s not necessary when using a virtual machine of course but it adds extra annoyance value for your victim when the scammer tries to syskey you thinking he’s played his ace card and locked you out of your machine.
They get rather annoyed when you bring up your key logger and say “Couldn’t you think of a better password than 1,2,3,4” (one tried on me) or whatever else they choose.