It's a loopback, originally designed as a way to test networking software without worrying if the networking was actually working in the computer.

For example;
You have a super duper program that will remotely kill a computer. Just need to tell it the internet address of the target. (For example google.com comes up as 172.217.3.164 for me.)
Tell your software to run on 172.217.3.164 and it will attack Google's servers.
Telling it to run on 127.0.0.1 is telling the software to attack the computer you are currently using.

Which for these folks, hopefully means that very shortly their computer turns into the Wicked Witch of the West after her shower.

^What Sakka said.

Here's a little lesson on Social Engineering. How it works and why what I said is a viable possibility.

Social Engineering is the concept of getting a person to shut down their capability to reason to get the person to do what you want, usually to gain access where the attacker is not supposed to be. The methods are varied and the most effective ones are tailor made for the access needed but most usually rely on either panic, haste, authority, greed, or any combination of the above to work. If you've seen the Ocean's 11 remake you've seen a LOT of it in the film, it's all over the place. IT professionals are taught as part of their security training how to identify these attacks, how to stop them, and how to avoid making their own actions be considered either an attack or a gateway. The phrase "you get access to my network when you can pry it from my cold dead fingers and I'll make sure you're going to hell with me" might seem like a joke, but for IT professionals, it's a mantra.

Now, onto how the phone scammers approach to Social Engineering is done. In this case, they are using a combination of authority (this is *name* with *official sounding name*), panic (your system has been infected), and urgency (you must give me access as soon as possible to stop it) to get access. Crude, but effective.

Now as to why my suggestion can work, you have to remember that most of the time these aren't professional con men or people who have had any real training in Social Engineering themselves beyond rehearsing a script. As such, they can be just as easily compromised as their targets. In this case what I suggested is a combination of urgency (I don't have the time) with greed (I'll give you direct access). Throwing in an authority hook (My network provider told me to do so) can sweeten the trap. They will shut down their own reasoning ability because they think they have an easy target.

Now that we've covered the Social Engineering part of it, we can get into the technical part of it. As I said these are not professionals and I wouldn't rank them above Tier 1 tech support (ie a script reader) so odds are they'll use an automated program to do the dirty work. These programs are designed to attack anything and everything because the writer wouldn't be dumb enough to use it on their own system. One of these scammers however do not know that so giving them 127.0.0.1 which contacts nothing but the computer that it's on means they've just hit their own system.

Now as Sakka said, 127.0.0.1 is a loopback and is usually used for testing so it won't do much. A program without the capability to differentiate the loopback however can cause problems.