[version_five]

I get phone calls sometimes that are almost certainly legitimate, such as from my insurance company, and if they ask me to give them any information (like my address for "security purposes") I always refuse and tell them I can call back. The same is true with email. You should never be giving any information away, even if it appears to be a completely legit communication from your bank or whatever.

The exception (and a potential attack vector) is when a phone call or other live interaction ends in an email being sent as part of the process. There you have to weigh the risk I suppose; obviously i have replied to such emails. But i would never reply to a bulk email even if it came form my banks domain.

[Eleison23]

When the doctor's office phones me, they must immediately learn my DOB or they can't reveal any information. Unfortunately the person calling is sometimes a nurse who's working on test results or some followup and they don't have a direct number. But it's kind of a stalemate if I won't reveal anything to them, and they won't reveal anything to me.

At this point if they manage to have the correct caller ID and I'm more or less expecting the call, it can't hurt to divulge my DOB. Scammer's going to find that out easily anyway.