A kindly sounding elderly gentleman called my home this morning trying to "update" my information about PayPal.
To "verify that we are talking about the correct account," he began by quoting back publicly available information about my PayPal account, such as when it opened (2001) and my account email address (email@example.com).
Knowing that financial institutions only update customer info through their Web sites, I told him that he was engaged in a phishing attack; when he denied it, I told him "better luck with your next victim," and then hung up on him.
("Phishing" is when the attacker attempts to get your account password by pretending to be from PayPal or other financial institution.)
Immediately checking my PayPal acct, I found there was no request from them for updated info. I reported the phishing attempt to firstname.lastname@example.org.