Yeah, most companies worth their salt (so to speak) make a point of saying their employees will never ask for your password. That not only frees them up to do the right thing with password hashing, but gives users a clear red flag when scammers call.