Here is a common scenario:
You recently traveled or made a large purchase, and your credit card company leaves a message like this on your home phone answering machine: "Hello Mister Entriken, recent purchases on your credit card account ending in 2203 appear to be unusual and we would like to confirm that they are legitimate. Please reach us at ". Then you, being the savvy Privacy Log reader that you are, use Google to see if 520-838-4877 is a legitimate phone number for your bank. Here are the results:
What do you conclude? Nothing: the bank called you from a call center without a well-known number. So you put up your defenses and dial the number, and then it comes: "For account security purposes, please tell me your full account number, mother's maiden name and billing zip code". The banks are training you to return calls to unverifiable phone numbers and spit out all the information an attacker needs to use your account.
(Of course the only thing to do at this time is: explain what you are doing, hang up the phone and call the number that is listed on the back of your credit card.)
Whenever a bank or other entity calls you and needs personally identifiable information, they should tell you to hang up and call them back at a well-known number for that entity.
Sample message: is this legitimate? https://www.google.com/voice/fm/13391585335464009546/AHwOX_AZSPLaDLFLfu5k0MEmIllpEX7kx595xuNZx9HotwnKnKoWhc0uhSXwHj8SODYfyoWY7lTCZU7JM1_IQWkDKiU1NDxgc8RNUxzIn63MqUorkUeYBFL8USe-b5faNZqX9-mraNKxFoCNn6I_LYzMpIAFeasabQ