Good day. To clarify, you are saying that User A receives an inbound call from an outside party and the Caller ID is properly displayed but when User A transfers the call to User B, it is marked as Potential Scam. Is that correct? From within the Zoom Admin website, you can set how transferred calls are displayed under the company info section of the Phone Management. This should keep the Caller ID as the outside caller's ID which would be the original name unless you have the box checked below.
Is the transfer being picked up on the Zoom app on a mobile device, the Zoom app on a desktop client or on a physical phone device? If it is on the Zoom app for a mobile device, does that person have a local app that maintains potential spam numbers?