Speaking of phishing, while I was off attending the RSA Security Conference, American Express called and left a message on our home phone asking me to call them about some charges on my account. They added that this was not a sales call -- they weren't trying to sell me anything.
So, I pulled out my handy AmEx card and called the number on the back of the card. After wading through the "we want our computer to talk to you" menus and finally getting to a person, the customer service agent, who was very nice, was unable to tell me why they called and said everything looked alright, so the problem must have been fixed.
Later that week, I received another call from them. This time they left an 800 number that they wanted me to call and again were clear about this not being a sales call (not sure what they expect me to interpret that as, since most sales guys would say the same). Of course, following good guidelines for identity theft prevention, I would not call a number left on my answering machine, so I again called the number on my card.
Again, they had no clue why I was calling and told me I should call the number that was left on the message. I told them that I wouldn't call a number left on my answering machine. They asked for the number and after about 5 mins on hold, they connected me through to the people who were calling and leaving messages. Apparently it's a different branch of AmEx that looks at strange merchant transactions vs strange member transactions.
I pointed out that there was a problem with their system and that I wouldn't call a number left on an answering machine, but they said it would be OK... I don't understand that, and I questioned them, saying that if I called them they would ask me for information that identifies me, and that's exactly what a phisher would want... "Oh we wouldn't do that"...
Clearly they need to fix this, as this is the exact behavior that leads to consumers having their identity stolen. At a minimum, I should be able to call the number on my card to resolve any problems/queries they might have.