What is so frustrating is that the people being targeted are some of the most vulnerable, and they are more likely to fall for it because every Tom, Dick and Harry company representative rings up and asks for your personal information to 'pass security.' How can we expect people to not fall for this kind of thing when companies have such ridiculously bad practices (most of these are sales calls so it is entirely profit driven).
Rules of thumb should be...
1) NEVER answer 'security' questions when receiving an unsolicited phone call.
2) If a company calls up to speak to someone about something urgent (no sales calls allowed) they should be advising the person to call them back using the contact numbers they already have!
When companies start using better practices and educating their customers, their customers are less likely to be susceptible to fraud.