
Summary
This detection rule targets callback phishing attacks delivered through the Yammer platform. It identifies messages that show common characteristics of callback scams, specifically suspicious language around payments and financial transactions. The rule combines natural language understanding (NLU) classifiers, which detect intents associated with callback scams, with string matching for multiple financial email patterns. It also uses regular expressions to identify phone number formats that are typically used in scams. To avoid flagging benign interactions, the rule excludes messages classified as benign with high confidence. In effect, it helps organizations spot deceptive communications that might otherwise bypass conventional security measures.
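The sketch below is an added illustration of how the signals described above can be combined. It is not the rule's own source. The classifier labels, confidence scale, financial term list, phone regex, and the requirement that all three signals be present are assumptions, and the sample messages are constructed.

```python
import re

# Assumed phrase list; the page does not give the rule's own financial patterns.
FINANCIAL_TERMS = ("invoice", "payment", "subscription", "refund", "charged", "renewal")

# Assumed phone format: 10-digit numbers with optional +1 and mixed separators.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)"
)

def evaluate(message):
    """Return (flagged, reasons) for one message.

    message["nlu"] maps a classifier label to a confidence; the labels
    "callback_scam"/"benign" and the low/medium/high scale are assumptions.
    """
    nlu = message.get("nlu", {})
    # Exclusion runs first: benign with high confidence is never flagged.
    if nlu.get("benign") == "high":
        return False, ["excluded: benign with high confidence"]
    body = message["body"]
    reasons = []
    if nlu.get("callback_scam") in ("medium", "high"):
        reasons.append("intent: callback_scam")
    terms = [t for t in FINANCIAL_TERMS if t in body.lower()]
    if terms:
        reasons.append("financial terms: " + ", ".join(terms))
    phone = PHONE_RE.search(body)
    if phone:
        reasons.append("phone: " + phone.group(0))
    # Assumption: all three signals must be present to flag.
    return len(reasons) == 3, reasons

# Constructed sample messages (not real traffic); 555-01xx numbers are fictional.
SAMPLES = [
    {"id": "m1", "nlu": {"callback_scam": "high"},
     "body": "Your subscription renewal of $349.99 was charged. "
             "To cancel, call +1 (808) 555-0142 within 24 hours."},
    {"id": "m2", "nlu": {"benign": "high"},
     "body": "Q3 invoice payment portal moves Friday. Help desk: 808-555-0199."},
    {"id": "m3", "nlu": {"callback_scam": "medium"},
     "body": "Your payment failed. Reply here to update billing."},
]

def flagged_ids(messages):
    return [m["id"] for m in messages if evaluate(m)[0]]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["id"], *evaluate(m))
```

Message m2 contains both financial terms and a phone number but is dropped by the benign exclusion, and m3 is not flagged because it lacks a callback number.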
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Web Credential
- Application Log
Created: 2025-09-03