By having a system that does not depend solely on the spidey-sense of the front line personnel, such as:

1. A validation system that keeps the attacker away from my account until they have proven something.
2. A CRM (Customer Relationship Manager) that makes the most recent changes to an account visible to the phone jockey.
3. A fraud unit that watches the frequency of events (charges, calls, changes, atypical balances, etc.) to a given account.
4. A feedback system, whereby I receive alerts regarding changes to my account.

This brings to mind something that occurred in 2017, the other way around. While in KSA, I received an email from a bank with which I had an account in my home country --- India --- thanking me for visiting the branch to meet the new manager the previous day.

Far from being out of the area the branch is located in, I wasn't even in country at the time!

After ensuring that the sender address was indeed that of the bank, I contacted them to alert them to this, and asked for an investigation & explanation. When they responded stating that it was due to a new staff member sending out the email erroneously, I made a complaint on the site, but decided to let it pass after they called me & apologized.

However, that wasn't the end of it --- shortly after, I received another similar email, followed by the same explanation: employee error! This is a major bank in India, so I was dismayed that something like this could happen. (I closed my account after this)

Had they claimed that  they were gauging customer awareness, I might have actually appreciated it...