How they get away with it I dunno.
Uh, because...
My grandad had three calls in 5 minutes from the same scammer yesterday.
Not that your granddad is a rube or anything (my dad is 75 so he's in the same boat) but computing isn't intuitive to that generation. My dad is (literally) the smartest person I know personally, and yet it wouldn't occur to him that if the REAL Microsoft wanted the "SLE" number, they would likely be able to get it without need for a phone call, from India no less.
I'm no IT guy, but I'm pretty sure this is a rather well-known phishing exercise. I'm at the point where I don't give ANYTHING to ANYONE who calls me, even if I recognize the source. If I get a call from Microsoft or Bank of America or anything like that, I say "okay, let me check my records and I'll call you back", then I call a number I get from my statement or information packet, NOT the number they give me. Paranoid? Perhaps, but I can sleep at night, so it's all good.