It's not really a practical solution. As a reputable IT support company, we get first-time calls from local ad hoc businesses all the time and regularly carry out remote support for them after only a telephone call. We do take the time to ensure they know we're local and reputable, but then so do scammers.
The problem is education. I get on average 3 or 4 calls per month, mainly from home users who've fallen for the IT support scam. Some have fallen for the cold calls, but many have called the toll-free number presented to them via the infection, which gives the impression that they're dealing with Microsoft. The other thing they fall for is search results. Just type Microsoft Support into Google and you'll see the top results (paid adverts) are designed to look like Microsoft Support but are in fact nothing to do with Microsoft. Microsoft Helpline UK is currently top when searching in the UK and they are not Microsoft. Sadly, people fall for it and call the number.
Education is key here. There needs to be much more information out there and not just in the form of blogs or online media. Most of the people I deal with who fall for these scams are, let's say, the older generation.
As for Citrix, yes, more could be done to make it difficult for criminals to get access to GoToAssist on a trial basis. That said, in my experience, most of the scammers connect remotely with TeamViewer. I believe it can be used for free (home user) without actually having to register an account. I could be wrong here but it's definitely the tool of choice for these guys.
On the fastsupport.com page, there should be a much more prominent warning. When they click 'continue' a small survey should be given.
Warning! By continuing, you are giving control of your computer to a 3rd party. Do not continue if you have not verified the identity of the person/s wishing to take control. Click here to learn about the dangers. (link to jargon-free info page)
Before you continue, please select an answer:
1. Have you verified the identity of the 3rd party, do you trust that they are who they say they are? Yes / No
2. Are you sure you would like to continue giving control of your computer to a 3rd party? Yes / No / Not Sure (not sure, link to jargon-free info page)
In addition there should be a prominent warning visible on the client that it's a trial account the 3rd party is using. For all accounts regardless of trial or not, the client should also state (prominently) that the user can disconnect the session at any time if they become suspicious by clicking the exit session button. Make the end session button bigger! Heck, give them a 'panic' button.