[DalekBaldwin]

I've run into the opposite situation making me hesitant to trust legitimate correspondence with my own banks. The past few times I had to take care of something over the phone, they did not ask for anything that could reasonably confirm my identity or account. One bank only asked for the last four digits of my account number. When I called another bank in response to an email alert about a fraudulent transaction, the representative asked for a phone number to text a verification code that I had to repeat back to them ("You want me to give you a ten-digit number?" "Yes"). Looking back on it, the first bank may have figured that few people will ever have the same account status problem at the same time and would ask for more information in the event of a collision, and the second one may have required me to name one of the phone numbers they already had on file (I'm used to representatives telling me a few digits of the number they're going to text based on what they have on file). But without knowing the entire workflow ahead of time, it seemed just as likely that this was a bunch of meaningless ceremony meant to give the appearance of bank-scale IT infrastructure in action so that I'd feel more comfortable revealing sensitive information later.