There needs to be a standard way for customers to authenticate employees representing companies, sorta like a reverse-text-message-code. Maybe, as a customer of a website, I can login to the site (authenticate myself), then generate a code that only myself and someone inside the company can see. Then, I can ask him to read the code back to me so I know he's legit. Does that already exist? I've never heard of it.

It seems unfair, yeah.

But the main way to know is that companies never call you these days. No company should have and few do have a workflow where an employee will call you "cold" with a problem. Instead, companies email, snail mail or text about a problem and you call them back.

But if someone somehow sounds legit, you ask for the official number and whatever info is need to identify your supposed problem. Then go to the website and verify. Call the number at the website (that you find from your own search, not the caller's info) and then have them verify you.