It sounded sketchy from the moment they asked for a pin code that they sent to your phone. It's easier to talk from the outside, but that should always be a red flag. What exactly would they be confirming by sending a PIN to the same number they were already contacting?
But that's a great heads up. Phishing is not just about obviously fake e-mails to hotmail accounts.
There's so many outside circumstances that might even make a technically adept person like the original poster fall for this: bad day at work, fight with the girlfiend, getting called in traffic, having loud kids playing at home, not feeling well, etc.
Like you said, spam and phising used to be obviously bad but I'm afraid I'm going to fall for it some day now.
But that's a great heads up. Phishing is not just about obviously fake e-mails to hotmail accounts.