You can also syskey your own machine with a code known to you. It will ask them for the password if they try to syskey you. It can make for some interesting conversation as it presents an opportunity to reveal yourself, or say that you got scammed before or something to make yourself seem even dumber and keep them on the line.
Install some free programs: steam, firefox/chrome, spotify, itunes, etc.
A VPN will help keep them out of your network later on. Installing a VPN on your host machine can get the job done pretty easily. Once you have one installed on your host (I use Nord VPN), you can get it up and running and check your IP at whatismyipaddress.com for free.
If you want to be really clever, you can set your fake phone number to an area code that matches the location of your IP address.
Making a snapshot is crucial before allowing any external access to your machine. You always need to have a way back to before they mess anything up. Also, keep shared clipboard, and shared files turned off on your VM (it usually is off by default), as that can give them access to your host.
Lastly, consider using a dummy machine instead of your main machine. You did not mention it, but it is useful information. Some scammers can use exploits to get to your main which can be bad.
There are many other ways to hide and secure yourself, and ways to waste their time without even using a PC.
I am new here, but I am not new to network security, risk mitigation, or end user support. You can ask me anything.