
Service abuse: Settime.io sender with callback scam intent

Sublime Rules

Summary
This rule detects inbound email messages that originate from noreply@settime.io and whose body carries a natural language understanding (NLU) intent labeled 'callback_scam' with a confidence level other than 'low'. It uses sender analysis to verify the email source and NLU on the message body (body.current_thread.text) to identify scam intent. When a match is found, the rule labels the activity as Callback Phishing and associates it with social engineering and out-of-band pivot techniques. The intent is to identify abuse of the Settime.io scheduling service to prompt recipients to call a phone number controlled by threat actors, enabling potential fraud through telephone-based callbacks. The detection methods are sender analysis and NLU; the attack focus is social engineering and out-of-band coordination to extract value from or compromise recipients.
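The matching logic described in the summary, as an added Python example that is not the rule's published source. The message dictionaries, their field names and the sample values are constructed for illustration, and the NLU intents are supplied precomputed rather than produced by a classifier.

```python
# Added illustration: the dict layout below is a hypothetical stand-in for a
# parsed message; NLU intents are given as input, not computed here.
TARGET_SENDER = "noreply@settime.io"   # sender address named in the summary
TARGET_INTENT = "callback_scam"        # NLU intent label named in the summary


def matches_rule(msg: dict) -> bool:
    """Return True when all three conditions from the summary hold."""
    if msg.get("direction") != "inbound":
        return False
    # Compare the address itself, never the display name. Case-insensitive
    # comparison is an assumption of this sketch.
    sender = (msg.get("sender_email") or "").strip().lower()
    if sender != TARGET_SENDER:
        return False
    # Any callback_scam intent whose confidence is anything other than 'low'.
    return any(
        intent.get("name") == TARGET_INTENT and intent.get("confidence") != "low"
        for intent in msg.get("nlu_intents", [])
    )


def flagged_ids(messages: list) -> list:
    """Ids of the messages the predicate flags, in input order."""
    return [m["id"] for m in messages if matches_rule(m)]


SCAM_HIGH = [{"name": TARGET_INTENT, "confidence": "high"}]

# Constructed sample messages (not real traffic).
SAMPLES = [
    {"id": "hit", "direction": "inbound",
     "sender_email": "noreply@settime.io", "nlu_intents": SCAM_HIGH},
    {"id": "mixed-case", "direction": "inbound",
     "sender_email": "NoReply@Settime.io",
     "nlu_intents": [{"name": TARGET_INTENT, "confidence": "medium"}]},
    {"id": "low-confidence", "direction": "inbound",
     "sender_email": "noreply@settime.io",
     "nlu_intents": [{"name": TARGET_INTENT, "confidence": "low"}]},
    {"id": "no-scam-intent", "direction": "inbound",
     "sender_email": "noreply@settime.io", "nlu_intents": []},
    {"id": "display-name-only", "direction": "inbound",
     "sender_email": "billing@example.com",
     "sender_display_name": "noreply@settime.io", "nlu_intents": SCAM_HIGH},
    {"id": "outbound", "direction": "outbound",
     "sender_email": "noreply@settime.io", "nlu_intents": SCAM_HIGH},
]

if __name__ == "__main__":
    print(flagged_ids(SAMPLES))
```

Because the sender condition pins a single service address, ordinary scheduling notifications from the same sender reach the intent check and are excluded only by the absence of a non-low callback_scam intent.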
Categories
  • Endpoint
  • Application
Data Sources
  • Application Log
Created: 2026-06-25