
> do NOT tell them the code

When my father calls his bank, they actually verify him by sending a 2FA code to his email that he reads back.



At least he's doing so having called an already trusted number. But receiving a call from someone claiming to be your bank is a much more dangerous situation, despite it feeling similar to lay people. Banks should really train people to hang up and call their actual customer service.


A variation can be the scammer presenting a fake number for you to call, via email, SMS or, worse, through malicious ads that pop up when you google for the company phone number. Or, a phishing proxy like evilginx could overlay a “call [fake number] to unlock your account” as part of the login process.



