When potential marks dial the phone number, a recording requests that they type in their account number. The PayPal attack is more sophisticated than the Santa Barbara Bank & Trust because fraudsters attempt to verify the legitimacy of the account information they've tricked users into handing over. If incorrect card details are entered, a request for re-entry is made, further enhancing the legitimacy of the fraudulent telephone number.
While a situation like this often quickly results in the phone number being shut down, that does little to prevent the people who've already called in and unknowingly released their account or credit card numbers to the wild. Despite all the security in the world, the weakest point is always the human one.