Most everyone with an e-mail address has probably received an email from a phisher trying to lure you into revealing information you shouldn't. Some of the most common targets are people that use online banking or online payment systems. Every few days I get fake PayPal emails demanding that I submit my information due to a “complaint” from another user. Now, it seems, the phishers are moving beyond that and taking it to your phone. Phone phishing is nothing new, and has been around for decades, but most people are probably willing to give information out over the phone more willingly than online, and they are definitely more willing to call a “support” hotline before they release a credit card number. It can be quite dangerous:
When potential marks dial the phone number, a recording requests that they type in their account number. The PayPal attack is more sophisticated than the Santa Barbara Bank & Trust because fraudsters attempt to verify the legitimacy of the account information they've tricked users into handing over. If incorrect card details are entered, a request for re-entry is made, further enhancing the legitimacy of the fraudulent telephone number.
While a situation like this often quickly results in the phone number being shut down, that does little to prevent the people who've already called in and unknowingly released their account or credit card numbers to the wild. Despite all the security in the world, the weakest point is always the human one.