by pests 604 days ago
The only time I saw this handled correctly, and I forget the company now, worked like this:

They would call you and then want to verify themselves to you. You would be asked to open the company's app. The app noticed you were in a support call and had a link at the top taking you to the support section of the app. The caller would then read you a code you would type in and it would let you know if the call was legit.

2 comments

This can be easily attacked with two scammers executing a MITM attack. One calls the bank to impersonate you and steal your money, the other calls you to get your app code.
Correctly? Try explaining to your grandparent that they should open the app and type in some codes while on a call. This habit will expose them to a whole class of attacks.

The only proper way is to send a push to that app with the information about the issue.

They would also offer to hang up and when the person finally found the official number and called back, that same code could be given back over the phone to reconnect to the original agent. Or they could go through whatever process they want.
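
A sketch of the server-side bookkeeping the scheme discussed in this thread would need, added here as an example; it is not part of any comment and not any company's code. The class name, the 6-digit code, the 10-minute lifetime and the guess limit are all assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed lifetime of a call code
MAX_ATTEMPTS = 5        # assumed guess limit per call


class CallVerifier:
    """Server-side state for bank-initiated support calls (hypothetical design)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._calls = {}  # account_id -> {"code", "agent", "expires", "attempts"}

    def start_call(self, account_id, agent_id):
        """Agent opens an outbound call; returns the code to read to the customer."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._calls[account_id] = {"code": code, "agent": agent_id, "attempts": 0,
                                   "expires": self._clock() + CODE_TTL_SECONDS}
        return code

    def _live(self, account_id):
        call = self._calls.get(account_id)
        if call is not None and self._clock() > call["expires"]:
            del self._calls[account_id]  # expired codes stop working
            return None
        return call

    def in_support_call(self, account_id):
        """Polled by the logged-in app to decide whether to show the support link."""
        return self._live(account_id) is not None

    def _check(self, account_id, code):
        call = self._live(account_id)
        if call is None:
            return None
        call["attempts"] += 1
        if call["attempts"] > MAX_ATTEMPTS:
            del self._calls[account_id]  # too many guesses: kill the code
            return None
        ok = hmac.compare_digest(call["code"].encode(), str(code).encode())
        return call if ok else None

    def verify_in_app(self, account_id, typed_code):
        """Customer types the code heard on the phone; True means the bank issued it."""
        return self._check(account_id, typed_code) is not None

    def reconnect(self, account_id, spoken_code):
        """Customer called the official number back; route to the original agent."""
        call = self._check(account_id, spoken_code)
        return call["agent"] if call else None
```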