"watch out" is kind of an overstatement though. As soon as I read "hold up your id" to confirm it's you it was immediately clear it was a scam.
Companies you do business with do not ask for your personal information - since you already gave it!
Your ISP isn't going to call you and say, "Say Mr. X to confirm your identitity give us your social security number and your credit card number + ccv code".
I seem to recall that when I called my US bank, they would ask me for the last three or four digits of my SSN to confirm I am who I am. My bank in Canada always asks me for my birthdate.
Yes, companies you do business with do ask for your personal information. While you definitely shouldn't give out your personal information to someone who calls you, it's common-place to have to give your personal information to a business that you have called.
From the author's comment on the original article[1]
"This link could very well have been sent as spam or through a rogue ad. That’s not how I discovered it though. The phone number used in this scam matched one that I had tracked previously. It’s only after (by going to the root of that domain which was not protected) that I discovered that there was also a phishing scam in there."