Phising is usually done via texts and e-mails rather than a phone call.
As they provide a link and ask you to click on it.
This takes you to a fake website. that has been designed to look like the real one.
You are told to log in thus providing the scammers with those details.
Then as it is a fake site they claim there is a problem with your log in and so ask you to verify your card details to prove it’s you.
So now they have those details as well.
They can now access your account and change your password, hijack your phone number and use your card.
So not sure how being called can achieve this so you would need to provide more details of what has actually happened in order for people to decide what else needs to be done.
In the meantime if you feel you have provided somebody with your log in details you should go into your account and change them asap.
If you have also told somebody you card / bank detsils you should inform your bank that you believe you have been scammed and ask them to cancel your card and to remove your phone number from your account as a means of authorising payments.
As for informing giffgaff about what has happened you can use the @ symbol @report_phishing which alerts an educator who will get in touch with you.