You can take the Google approach of basically not empowering the agents at all. It's not worth trying to social engineer Google CS, because they can't do anything anyway.
Coinbase has the same approach. It's a miracle that ransomware operators got in touch with Coinbase support at all.
It would be pretty simple actually
>Go on LinkedIn
>Look up profiles of people who work at Coinbase
>Contact and bribe them with a burner account