My experience has been very different from yours. I've absolutely had financial institutions make unexpected phone calls to me and asking me security questions. In just the last year:
- Someone claiming to be Mastercard phoned me and asked to first verify my name and address. I was 99% sure it was a scam, but I had just enough doubt and curiosity that I called Mastercard back at a known number and it turns out that they were indeed trying to decide whether or not to block a large purchase I had made.
- Someone from the bowels of the check-clearing department of my business bank account called to verify whether or not to pay a large check I'd written to an individual.
- My regular bank called me out of the blue to check on an incoming wire transfer that had my middle initial although my bank account was set up without a middle initial, and they wanted to verify this before accepting the transfer.
In each case above, the call was from a phone number that I didn't recognize (and were un-googleable because they were internal numbers), from a person I didn't know, and the conversation started by them asking me personal or security-related questions! But they were all legitimate calls, and in fact would have caused me grief had I ignored or refused the call.
Financial institutions contribute to the mess by having poor telephone security practices themselves. They also send emails with links they want you to click on to sign in and they invent all sorts of domain names for various services/surveys/emails that bear no relation to their main domain name.