No-one will ever ask you for secret codes, PINs, postcodes, passport numbers, passwords, dates of birth… you know, personal information. They should provide you with information about you to prove they are genuine if they ring you. A partial postcode is not enough, you need something more substantial. Don’t volunteer information and listen carefully to what they ask. Why are they asking you this…?
If the language or the grammar looks wrong, or they ring with a jolly ‘how are you today, sir?’, it’s suspicious. Ask them who they are calling. If they don’t give a name, goodbye. Spelling mistakes do happen, but an official document with errors is not an official document.
And, sorry to say this, if you get a random call from someone saying, in a very thick Indian or African accent, “hello sir, this is Sebastian from your broadband provider”, then alarm bells should be ringing for so many reasons. Ditto “this is Microsoft, we have detected errors on your compuder”.
My e-mail scam and spam filter works well, after a long time training it, but odd things do get through. They can be convincing. Look at the sending address. Does it seem right? Are there links in the text? I can put my pointer over a link and it shows what it actually is (this is Thunderbird, but others may do the same). Look wrong? Delete it.
Getting text messages for low cost mortgages? Beware. Reading it could cost you. Unless it is genuine, delete it and block the number (it will probably not be the real number anyway).
If an email gives a phone number or e-mail address, eg to your bank, ignore that. Use the published number on the official company website.
And, if you can, report it, to help others.