@AC
The whole point of this vulnerability is that you can lie through caller ID, and make someone think the call is from their bank/credit card/etc., NOT "anonymous". If people receive a call that their phone tells them was from 999, and someone at the other end of the line said they were the police, most people would believe it.
A lot of banks DO call you and expect you to give over details simply because they ask for them. One call I've had went:
<RING>
Me: Hello?
Them: Hi, this is <my bank>, we need to talk to you about your account but need you to answer some security questions first. Can you please tell me your password?
Me: No. How do I know you are my bank?
Them: This is <my bank>, we need to talk to you about your account.
Me: Fine - prove to me that you are my bank.
Them: We can't do that until you've proved that you are <my name>.
Me: Then we have a problem. You called me, therefore you need to prove to me who you are.
Them: But we can't until you answer some security questions.
I have managed to get around this for one series of calls with my bank - when I spoke to them the first time, we agreed a piece of information that they /would/ tell me before anything else to prove they had the record onscreen. However, that's the exception rather than the rule. Another department were happy to tell me what extension they were, and told me to call via any "official" number that I liked.
The best has to be the person that offered to give me their direct line - as if only my bank has direct-dial phone numbers...