This is a simple case of a malicious actor asking for access, and the victim is handing access over. QuickAssist, ScreenConnect, TeamViewer, Teams, Zoom, etc all have been used for this purpose.
It no sounds like it starts with a vishing phone call. Lots of people will ask Microsoft to fix this somehow, but no one ever seems to blame the phone services or demand they fix it.