Couldn't they say "It's about your checking account ending in 45" or "your credit card ending in 1234" or whatever?
I got a phone message earlier in the day from a banker at the bank I bank at (could that be any more repetitive? LOL.) She left a message saying to call her back. Nothing about what it was regarding. I know she can't probably say a ton of stuff, but at least a message about what account it refers to or something! And I've tried to call her back three times now with no answer. Ugh.
Unfortunately, due to privacy laws, she really can't even admit that she's calling about one of your actual accounts, since that could potentially disclose information to somebody that's not you (the information, of course, being that you actually use that bank). It stinks, but there's so many constraints on the release of information that banks are really hogtied when trying to leave messages other than "This is Sue calling from <bank>. Please call me back at <number>."
No they can't because that would be disclosing/confirming the name of the bank the customer uses and at least one type of account that they have there.
I know it seems like a little thing, but fraudsters are very good at stringing together small bits of information from different sources in order to perpetuate their scam. So lets say that the customer (we'll call her Sue) loses her cell phone. The bank calls for whatever reason and says "Hi, I'm Jane from ABC bank calling about your accounts." Now the fraudster knows the name of Sue's bank. She also knows that Sue is going to realize she lost her phone pretty soon and she's going to take measures get the service to that handset shut off. The fraudster makes a call to the bank, pretending to be Sue and tells them that she's lost her phone or moved or changed numbers and gives them a new number. The fraudster gets a fake ID in Sue's name and goes into the bank to cash a counterfeit cashier's check against Sue's account. The fraudster has what looks like a legitimate ID, so the teller asks some token questions to confirm that it's Sue, but since the fraudster has just changed all the personal information, she can answer that with ease. The fraudster cashes the check and goes on her merry way. Within a few days, the check is determined to be fake and is charged back to Sue's account, and the account is probably closed by the financial crimes unit. The first Sue hears of this is when her account gets closed, and now she has to fight with the bank to convince them that she's a victim and not the fraudster.
This is not as far fetched as it sounds. I've seen that scenario repeated dozens of times in my work in deposit operations for a major bank. I've also seen several other scams of this nature. This is why banks are careful not to release even the slightest bit of information unless they're sure that the person they're talking to is the actual customer. No system is fail-proof, of course, but being very careful about information disclosure is a great first step.