Best Practices - Don't call phone numbers in spam email
Spam authors continue to craft highly convincing schemes. For example, they can use disposable phones and even spoof the caller-ID display number so it appears to be officially coming from a bank or credit union. They may ask for highly confidential information (e.g., SSN, bank account, credit cards). Finally, if information is revealed, they can use this in identity theft or direct fraud attacks.
The specific attack documented by the Internet Storm Center is one where the email tells the recipient that their credit card or bank account appears to have been locked out due to highly unusual activity. If individuals panic and rely on these email messages, the phone call may appear to be legitimate as they provide sensitive details related to their accounts. Later, they may become victims, and it could take weeks or months to straighten these matters out.
If you receive phone numbers in suspicious documents and are unsure, contact the bank or firm directly using the publicly listed phone numbers in the phone directory or at their official websites instead.
Social Engineering Techniques - Don't call phone numbers in spam email
http://isc.sans.org/diary.html?storyid=3639
QUOTE: From an awareness point of view to your customers and users:
* not only to teach your users not to follow links in (possible) phishing messages, but to use bookmarked URLs instead
* but to also tell them to use only contact data from a safe location (and especially nothing originating directly or indirectly from the email message itself)
Below is also an excellent site to help validate toll free numbers, where the caller-ID information is listed as Private or Unavailable.
Site listing Suspect Toll Free Phone Numbers
http://800notes.com/
News related to Toll Free calls
http://800notes.com/articles/NewsList.aspx
Best Practices - Toll Free Calls
http://800notes.com/articles/ArticleList.aspx