now we can't trust the caller ID
ABC News Phone Spoofing story (http://abcnews.go.com/Technology/story?id=7325223&page=1)
the fact is- never, ever under any circumstances give out sensitive info over the phone-- we should know this by know but it bears repeating.
Oh yeah.
To give a most serious example of this: after the Mumbai terrorist attacks, its suspected the terrorists spoofed a phone call that caller ID showed originating within the Indian Foreign Ministry - a very angry, threatening phone call that suggested Pakistan better prepare to get nuked. This made Pakistan raise its threat status which suggested to India they were preparing for an attack and may even be behind the terrorist atrocity, raising India's threat level and so causing the oh so lovely security dilemma familiar to those who lived through the Cold War.
In a less serious example, someone somewhere got hold of my father's card information, and the security staff for the bank called him to alert him to suspicious purchases made in his name. The first thing he did was hang up, get their number from the phone book, phone back and ask them security questions before handing over any details.
Common sense isn't, alas, but a decent level of awareness can avoid most problems, especially if you don't take things for granted.
I think the advice to simply ask who is calling and then call them back- using a publically listed number vs one they provide- is best. Awareness goes a million miles towards prevention.