[Stratoscope]

Just the last four? You're lucky.

One time my own bank scammed me into giving them my full seven digit SSN over the phone when they called me. And all they had to do was ask me for it!

The worst part was that I fell for it. Of course, no harm done, because it really was my bank, but what an idiot I was.

At least I knew better when the Windows Support people started calling me a year later!

[DalekBaldwin]

I've run into the opposite situation making me hesitant to trust legitimate correspondence with my own banks. The past few times I had to take care of something over the phone, they did not ask for anything that could reasonably confirm my identity or account. One bank only asked for the last four digits of my account number. When I called another bank in response to an email alert about a fraudulent transaction, the representative asked for a phone number to text a verification code that I had to repeat back to them ("You want me to give you a ten-digit number?" "Yes"). Looking back on it, the first bank may have figured that few people will ever have the same account status problem at the same time and would ask for more information in the event of a collision, and the second one may have required me to name one of the phone numbers they already had on file (I'm used to representatives telling me a few digits of the number they're going to text based on what they have on file). But without knowing the entire workflow ahead of time, it seemed just as likely that this was a bunch of meaningless ceremony meant to give the appearance of bank-scale IT infrastructure in action so that I'd feel more comfortable revealing sensitive information later.

[himom]

7 digits? It’s 3+2+4=9 digits in the US.

[Stratoscope]

Thus proving that I can't count past seven!

You've seen off by one errors, this is twice as bad.

[shkkmo]

Would have been funnier if you said "thrice"

[AlexCoventry]

Which would be three quarters as bad.