
Callback Scams: Why the Number You Are Told to Call Back Matters

How callback numbers function as scam infrastructure — and why they can often be identified, monitored, and disrupted

May 21, 2026 | Cyberoo Research & Analysis Team

Suspicious message asking a person to call a callback number that may be controlled by scammers.

Not every phone scam starts with a scammer calling you directly.

Sometimes the scam begins with a text message, email, voicemail, social media message, fake invoice, fake delivery notice, or fake security alert. The message tells you to call a number.

That number is the trap.

The message may say that your bank account has been locked, your card has been used in a suspicious transaction, your parcel could not be delivered, your tax refund requires verification, your subscription has been renewed, or your device has been compromised.

When the victim calls, the scammer answers as if they are a trusted organisation. The scam then becomes a live impersonation conversation. This is a callback scam.

What is a callback scam?

A callback scam is a scam technique where the victim is encouraged to call a phone number controlled by the scammer or their network. The first message may only be bait. The real manipulation happens during the call.

Once the victim calls back, the scammer may impersonate a bank fraud team, government agency, telco, delivery company, tax authority, police officer, technology support desk, investment platform, cryptocurrency exchange, or insurance provider.

The scammer's goal may be to:

  • obtain personal information or steal credentials
  • convince the victim to transfer money
  • install remote access software
  • reveal one-time codes
  • continue the scam through another channel

Why scammers use callback numbers

Callback scams are effective because they reverse the victim's sense of control. When the victim makes the call, they may feel that they chose to call, that calling back is safer than answering a random call, and that the person answering sounds professional.

A callback number also helps the scammer manage conversations. Instead of calling many people and hoping they answer, the scammer can send messages at scale and wait for worried victims to call in.

This creates a more efficient scam funnel:

  • send a message that creates fear or urgency
  • provide a callback number
  • wait for the victim to call
  • impersonate a trusted organisation
  • extract money, credentials, identity documents, or access

Why callback scams are different from CLI spoofing

Callback scams should not be confused with CLI spoofing.

  • CLI spoofing is about the number displayed during an incoming call. The scammer may make the call appear to come from a local number, a known organisation, or a familiar contact.
  • In a callback scam, the victim is told to call a specific number. That number may be part of the scammer's active infrastructure.

A spoofed caller ID may not be controlled by the scammer. A callback number may be controlled by the scammer. That means a callback number can often be treated as evidence.

Why callback numbers can be more actionable

A callback number is often more useful for investigation than a spoofed caller ID. It can help answer:

  • Is this number actively answering calls?
  • What organisation does the operator claim to represent?
  • Is the same number appearing in multiple scam messages?
  • Is it linked to fake websites, fake invoices, or phishing campaigns?
  • Is it being used across multiple brands or impersonation themes?
  • Does it route to a call centre, voicemail, IVR system, or messaging platform?
  • Can it be reported, blocked, or escalated through telco and regulatory channels?

This makes callback numbers important scam infrastructure indicators. A scammer-controlled callback number may act like a phishing domain — it is a contact point that connects victims to the scam operation.

Common callback scam scenarios

Bank impersonation: A victim receives a message saying a suspicious payment has been attempted. The message says: if this was not you, call our fraud team immediately. When the victim calls, the scammer pretends to be a bank fraud officer and may ask for identity details, verification codes, remote access, or transfers to a so-called safe account.

Government impersonation: A message claims the victim has an unpaid debt, pending refund, identity verification issue, or legal problem. The victim calls the number and is told they must act urgently to avoid penalties, account suspension, arrest, or enforcement action.

Delivery impersonation: A fake parcel message says the delivery failed and asks the victim to call a number to reschedule. During the call, the scammer may ask for payment details, address details, or identity information.

Subscription refund scam: A fake invoice says the victim has been charged for antivirus software, cloud storage, or technical support. The message tells the victim to call if they want to cancel. When the victim calls, the scammer may guide them into remote access software or fake refund steps.

Investment or crypto scam: A victim receives a message with a phone number for an investment adviser. The callback leads to a staged sales process where the scammer builds trust, directs the victim to fake dashboards, and eventually asks for bank transfers or crypto payments.

Why callback scams are persuasive

Callback scams often feel more legitimate than direct cold calls because the victim initiates the call. The scammer may also use professional details such as recorded welcome messages, fake case numbers, fake staff names, fake department names, hold music, scripted verification steps, local-looking numbers, and references to real organisations.

Process is not proof. A scammer can build a convincing call flow without having any connection to the organisation they claim to represent.

What consumers should do

Treat any number provided in an unexpected message as untrusted.

Do not call a number just because it appears in an SMS, email, voicemail, pop-up warning, social media message, fake invoice, search advertisement, or messaging app conversation.

Instead:

  • open the organisation's official app
  • type the official website address yourself
  • use a phone number listed on the official website
  • use the number printed on the back of your bank card

Do not share one-time passcodes. Do not install remote access software. Do not move money because someone on the phone tells you to.

If you already called the number and shared information or transferred money, contact your bank immediately and report the incident through appropriate channels.

What businesses should do

Businesses should treat callback scams as a customer trust and brand protection issue. A scammer may use a callback number to impersonate the organisation without compromising any internal system.

Businesses should:

  • monitor scam reports for phone numbers linked to impersonation
  • collect callback numbers from customer reports
  • check whether the same number appears across multiple scam campaigns
  • link phone numbers with fake domains, fake ads, fake social accounts, and mule payment destinations
  • create customer education pages that list official contact channels
  • warn customers not to trust numbers in unexpected messages
  • work with telcos and relevant authorities to support blocking or disruption

Scams.Report can collect and assess suspicious evidence, NothingPhishy can support impersonation monitoring and disruption, and MuleHunt can help connect scam contact points with payment destination intelligence where scams lead to transfers, mule accounts, fintech identifiers, or crypto wallets.

Why callback numbers should be collected as evidence

When reporting a callback scam, victims and businesses should preserve the original message, the callback number, the date and time, screenshots, the claimed organisation, any fake case number or reference number, the scammer's instructions, and any links, email addresses, bank accounts, crypto wallets, or payment details provided.

This information helps connect isolated reports into a broader intelligence picture. A single callback number may appear small. Across many reports, it may reveal a larger scam campaign.
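
The correlation described in the business checklist and in this section can be sketched in a few lines. This is an added example, not Cyberoo's code or any product's logic: it pulls callback numbers out of report text, normalises formatting variants to one key, and surfaces numbers reused across more than one claimed organisation. The report fields, the sample reports, and the Australian-only number rules are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample reports for illustration; none of this is real scam data.
REPORTS = [
    {"id": "R1", "channel": "sms", "claimed_org": "Example Bank",
     "text": "Suspicious payment attempted. Call our fraud team on 0491 570 156."},
    {"id": "R2", "channel": "email", "claimed_org": "Example Parcel Co",
     "text": "Delivery failed. To reschedule call +61 (0)491-570-156 today."},
    {"id": "R3", "channel": "email", "claimed_org": "Example Antivirus",
     "text": "You were charged $499.99. To cancel call 1300 975 707."},
    {"id": "R4", "channel": "voicemail", "claimed_org": "Example Bank",
     "text": "This is the fraud team, call back on 61 491 570 156."},
]

# Loose candidate match; normalise() decides what is a plausible number.
CANDIDATE = re.compile(r"\+?\d[\d\s().-]{7,16}\d")
# Assumed scope: Australian mobiles, geographic numbers and 1300/1800 services.
VALID_AU = re.compile(r"^\+61(?:4\d{8}|[2378]\d{8}|1[38]00\d{6})$")

def normalise(raw):
    """Return an E.164-style +61 number, or None if it is not a plausible AU number."""
    digits = re.sub(r"\D", "", raw)
    # Drop an optional country code (61 or 0061) and an optional trunk prefix 0.
    digits = re.sub(r"^(?:(?:00)?61)?0?", "", digits)
    number = "+61" + digits
    return number if VALID_AU.match(number) else None

def cluster_by_callback(reports):
    """Group report ids, claimed organisations and channels by callback number."""
    clusters = defaultdict(lambda: {"reports": [], "orgs": set(), "channels": set()})
    for report in reports:
        found = {normalise(m) for m in CANDIDATE.findall(report["text"])}
        for number in found - {None}:
            entry = clusters[number]
            entry["reports"].append(report["id"])
            entry["orgs"].add(report["claimed_org"])
            entry["channels"].add(report["channel"])
    return dict(clusters)

def multi_brand_numbers(clusters):
    """Numbers seen with more than one claimed organisation, most reported first."""
    hits = [(n, c) for n, c in clusters.items() if len(c["orgs"]) > 1]
    return sorted(hits, key=lambda item: -len(item[1]["reports"]))

if __name__ == "__main__":
    for number, c in multi_brand_numbers(cluster_by_callback(REPORTS)):
        print(number, sorted(c["orgs"]), c["reports"], sorted(c["channels"]))
```

Without the normalisation step, the three spellings of the same mobile number in R1, R2 and R4 would look like three unrelated reports.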

How callback scam intelligence supports disruption

Callback numbers can support:

  • consumer warning and number reputation scoring
  • telco escalation and evidence packaging
  • case enrichment and campaign clustering
  • brand impersonation detection
  • cross-channel scam infrastructure mapping
  • blocking or takedown requests where applicable

This is why callback scam detection should not be limited to websites and URLs. Phone numbers can be critical scam infrastructure. A suspicious callback number submitted through a scam report can be analysed together with links, screenshots, messages, payment destinations, and impersonated brands.

Conclusion

Callback scams work because they make the victim call the scammer. The number may appear inside an SMS, email, fake invoice, voicemail, pop-up warning, or social media message. Once the victim calls, the scammer impersonates a trusted organisation and uses the live conversation to create urgency, fear, and false confidence.

The most important difference: a spoofed caller ID may only be a mask. A callback number may be part of the scammer's real contact infrastructure. That is why callback numbers matter — they can often be collected, checked, linked to other scam evidence, and used to support disruption.

The safest rule for consumers is simple: do not call numbers from unexpected messages. Use the official app, official website, or a verified phone number you find yourself.

FAQ

What is a callback scam?

A callback scam is a scam technique where the victim is encouraged to call a number controlled by the scammer or their network.

Why do scammers ask victims to call back?

A callback number lets scammers manage victims who are already worried or engaged, and it can make the victim feel more in control because they made the call.

Is a callback number the same as caller ID?

No. Caller ID is the number displayed during an incoming call and may be spoofed. A callback number is a number the scammer asks the victim to call, and it may be part of the scammer's active contact infrastructure.

Can callback numbers be taken down?

Sometimes they can be reported, blocked, escalated, or disrupted, depending on the number type, provider, jurisdiction, evidence, and applicable telco or regulatory process.

What should I do if I called a suspicious number?

End the call, contact your bank if money or credentials may be at risk, change affected passwords, avoid installing or keeping remote access software, preserve evidence, and report the scam.

Received a suspicious callback number, SMS, email, screenshot, link, or payment instruction?

Scams.Report can help assess the evidence and produce an explainable scam review. For businesses, Cyberoo.AI helps connect callback numbers with impersonation campaigns, fake domains, suspicious messages, mule payment destinations, and disruption opportunities.