@Edent I've had my bank legitimately call me, unsolicited, about something exactly zero times.
I've had scammers call me pretending to be my bank way more often than that.
Just playing the numbers, it would always be safest to just hang up, report the number as spam, and log into my banking app directly from a trusted device to check if anything was suspicious there.
Good rule of thumb: never provide sensitive info in a conversation that you didn't initiate, and never provide your password if you didn't initiate the login.
I'd say never provide your password, period. If the company somehow needs it, run away from the company instead. That's a major red flag even if it would be somehow a legit request.
Also never identify yourself by phone. If you feel it really is a legit call, just say "no this isn't she, may I take a message?" That's how people used to deal with unsolicited sellers/scammers. If it is a legit call they will leave a message or tell you what it is about/who is calling and then you can call the official number in whatever company/government agency they called from.
I feel like phone etiquette has gone worse direction after smartphones became widespread. Phone calls are unencrypted, not secure and there is no guarantee the person you are talking to really is the one they claim to be. During landlines or family or company shared phone lines the etiquette was clearer: First ask for who this call is directed to (do not answer with your name, a hello (and a company name) suffices), say you are going to take a message and end call once message received. A phone call is not supposed to be anything important; that is always delivered in writing (snail mail or email or inside the banking app messages etc). It is supposed to be used for scheduling or information sharing like "hey, we noticed something weird in your transaction history. Do you mind logging in to your bank account and confirming these charges are legitimate, thank you." Not "hey, give me your account details on the phone so I will check for you if your bank account is hacked. Quickly, they are stealing money away every minute!"
I'd say never provide your password, period. If the company somehow needs it, run away from the company instead. That's a major red flag even if it would be somehow a legit request.