The support staff of a bank I'm customer of don't have a way to see the UI I'm using. I can understand that because how much money one has on an account could be quite sensitive: 100 Euro don't matter, 100 k is another matter and people can be bribed to report targets. Anyway, it took a very long time (months and calls) and randomly picking the right person in the call center before we understood that I could not change my street address because my contract (the "product" from their point of view) is very old and still has the "old" UI which doesn't allow for changes to the street address. Everybody I talked with assumed that I have the new UI, probably the only one they've been trained on, and they kept telling me "click here, click there, type the address in there". "Sorry, there is no input field, not even the menu." "Impossible."

If they had some sort of account spoofing they could have realized what was going on. In many apps there are no problems giving support staff full access to customer accounts. Furthermore, in many apps the team is so tiny that everybody could sit around the same table and that solves many issues with trust, even if everybody is working from home.

However the more you want hide from the support staff and the more it gets difficult to have a meaningful spoofing mechanism. Maybe the support staff might be fed random numbers instead of the actual amount of data, but even the number of operations on an account might be telling.

By the way, after I walked in the bank and made a person change my street address I'm still receiving some communications with the old address. Too many databases.

In some industries, that's true and you can't even whisper about spoofing. In most industries, these risks can be mitigated by good quality logs and audits of what admins do when account spoofing is used. (I mean, good audits should be there anyway.)