Callback phishing is a social engineering attack where cybercriminals send victims emails or messages prompting them to call a specific phone number. The message often appears urgent, such as a security alert or invoice issue, tricking the recipient into believing immediate action is required. When the victim calls the number, they are connected to a scammer who impersonates a legitimate entity, such as tech support or a bank representative. The attacker then manipulates the victim into revealing sensitive information, installing malware, or making fraudulent payments. Unlike traditional phishing, callback phishing relies on voice communication to build trust and bypass email security filters.