Still not foolproof. Attacker can MITM the connection by initiating their own call to the real support line and relaying instructions between the user and support.