Here is an article and several Youtube videos describing an attack on the UK MI6 organization (their equivalent of the CIA). The article uses the term "phone bombing", where the attacker uses automation to flood the target with calls, thereby preventing legitimate callers from getting in. This is just another term for Telephony Denial of Service (TDoS).
The video's narrate the attacker calling in themself and taunting the MI6. If this weren't such as serious type of attack, it would be humorous.
The PSTN is not what it used to be, closed and somewhat safe. It has so much VoIP/SIP in it, that it is starting to look like the Internet in terms of threat level. We will see more and more harassing calls, TDoS/phone bombing, voice SPAM, voice phishing (vishing), etc.
Here is an article about how an attacker changed the address on one of billionaire Paul Allens accounts, to trick the bank into sending the attacker a debit card. It doesn't say how the account was changed. It may have been changed via social engineering into the banks contact center, or possibly via malware on a PC.
Once the address had been changed, the attacker then called in, said they lost their debit card, and had a new one sent to the modified address. The attacker was obviously able to complete this through social engineering/fraud. I don't know if they had more info about Paul Allen or the bank simply sends a new card without requiring any other sort of identification/authentication.
What is scary is that if someone can manipulate such as high profile individual's account, then can certainly do it for a typical consumer.
Here is an interesting article on contact center fraud. There are many different types of fraud that can affect a contact center - classic social engineering (facilitated by spoofing caller ID), information harvesting, etc. The article covers some of that - confirming that it is easy to imitate a legitimate user, since it is easy to get basic personal information that is used for authentication.
The article also describes the issue where a consumers phone number is changed (via malware on their device) and then the bank uses that to call back for verification, but it turns out to be the attackers number.