This website and the one they're referencing shouldn't even exist. Barklays' website should just tell the customer to always call them back. Spoofing the phone number isn't just a possibility, it's normalcy.
I usually find the phone number to call either on the debit/credit card itself, the latest invoice, the contract/agreement I have with them, or their website. There is usually one customer support hotline that can forward you to where you need to go.
It gives a false sense of security. The vast majority of users do not understand phone numbers can be spoofed, and will use this website to check if a call they received is from a "legitimate" number, instructions be damned. It wouldn't surprise me if scammers even incorporate it into their routines.
The bank could easily record whether or not they are in contact with the customer over the phone when they initiate outreach. Then standard practice would be “visit Barclays and enter your phone number to check the call is legitimate and get the name of the agent “ or more realistically even a push notification in app. Asking people to call back is a canonical example of bad UX in the name of security that weakens overall security (like stupid password requirements, rotation requirements, etc).
It can take ages to get through back to an agent and it may not even be the same one or even in the same department.
