Phishing for personal details is a common approach taken by scammers to gain access to victims bank accounts and other online services. They may call up random phone numbers claim to be from a large company or service provider. If you happen to be a customer, they can then proceed to “check details for security” and gain postcodes, dates of birth and possibly bank account details, credit card details, even passwords.
One reason this is often a successful approach is that it is exactly what some banks, mobile phone companies and ISPs do. They will call you about something to do with your account, and go through the security procedure to confirm they have called the right number or whoever answered the phone is indeed the person they need to speak to.
This seems quite legitimate, but how can you tell it isn’t just a very convincing con artist who called you? They don’t give you an opportunity to confirm their identity.
As well as this imbalanced approach to security, legitimate companies who perpetuate this practice are making the job of scammers easier by normalizing handing out of personal information to anyone who calls and sounds convincing.
Companies who value security really need to think harder and change how they validate who they have called.
Until they figure out creative ways to do a better job, my advice is to challenge any caller who seeks your personal details about this, and refuse to share them. Instead you can call them back on a publicly available contact number, and go thorough the process.
This might seem over the top, but note that victims of scammers who handed over their personal details are always held responsible and rarely refunded by their banks, service providers. It’s their fault for doing what the same companies systematically all thousands of customers to do every day.