Attack Type: Callback Phishing

Callback phishing is a straightforward but dangerous scam that usually begins with a fake invoice or receipt. These attacks often appear to be a charge from a well-known company, such as Norton, McAfee, Geek Squad, or Apple. The email includes a phone number to call if the charge wasn't authorized. The goal is to get you to call that number, not to click a link.
Once you're on the phone, the attacker often poses as a customer service representative. They might ask for personal information, offer to help you “cancel the charge,” or convince you to install remote support software. From there, they can access your device, steal sensitive data, or walk you through a fake refund process that results in real financial loss.
Because there’s often no link or attachment in the email, these messages can bypass traditional security filters. Once the conversation moves to a phone call, it’s out of sight from most security tools. That’s what makes this type of attack so effective and why it’s important to verify unexpected emails or charges through official channels, not the contact info provided in the message.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Stripe invoice abuse
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Calendly callback scam detection
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Oracle Cloud Workflow callback scam
6d ago
Jul 10th, 2026
Sublime Security
Service abuse: Facebook mail notification callback scam
7d ago
Jul 9th, 2026
Sublime Security
Callback phishing via Google Meet
8d ago
Jul 8th, 2026
Sublime Security
Brand impersonation: Quickbooks
8d ago
Jul 8th, 2026
Sublime Security
Brand impersonation: McAfee
20d ago
Jun 26th, 2026
Sublime Security
Service abuse: Settime.io sender with callback scam intent
22d ago
Jun 24th, 2026
Sublime Security
Reconnaissance: Short generic greeting message
29d ago
Jun 17th, 2026
Sublime Security
Service abuse: IBM IAM account notification with callback scam indicators
30d ago
Jun 16th, 2026
Sublime Security
Callback phishing via Apple ID display name abuse
1mo ago
Jun 11th, 2026
Sublime Security
Attachment: PDF with fake invoice using suspicious font sizing
1mo ago
Jun 9th, 2026
Sublime Security
Attachment: Callback phishing solicitation via pdf file
1mo ago
Jun 5th, 2026
Sublime Security
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
1mo ago
Jun 5th, 2026
Sublime Security
PayPal invoice abuse
1mo ago
Jun 4th, 2026
Sublime Security
Service abuse: Google Groups callback scam
1mo ago
Jun 4th, 2026
Sublime Security
Service abuse: PayPal manager account creation with callback scam indicators
1mo ago
Jun 2nd, 2026
Sublime Security
Service Abuse: HelloSign share with suspicious sender or document name
1mo ago
May 28th, 2026
Sublime Security
Service abuse: Amazon invitation with suspected callback phishing
1mo ago
May 22nd, 2026
Sublime Security
Callback phishing via calendar invite
2mo ago
May 12th, 2026
Sublime Security