It's phishing with a voice component. A phisher impersonating a major retailer will call or send out an e-mail to a user, saying that an order has been delayed or compromised. The attacker will then ask the victim to call back and "reaffirm" credit card or password information.
"Scammers do a great job of making it look really legitimate," said Troy Edington, chief technology officer for HEIT, providing defense networks for financial institutions. "You have to be diligent. If someone is asking for any type of critical information, you never want to just put that in an e-mail. You always want to go to the main site."
"It's really just letting the consumer know you really have to be on your guard," Edington added.