How to pull back an email that has already been sent?
After it was sent, probably in no way, but
the administrator of the receiving server (who manages the mailbox of the e-mail address of the wrong recipient), could still physically delete the mail from the server before it is accessed. It is a question of time and opportunity.
Time. This is obviously useful as long as it has not yet been downloaded. After that, he can still delete the server copy, but he cannot delete the downloaded one(s).
Opportunity. The administrator of the receiving server may have not the legal right to do it. Or even the possibility to act in time.
However, if it is an email within the company and an internal server is used, an email to and a quick phone call to the mail administrator could still be sufficient (when the company policies allow it).
Safe procedures at work
Instead, you may need to use in advance safe procedures at work, especially dealing with sensitive content.
Use encryption , e.g. PGP, for the attachment with the public key given by the receiver. If you sent the attachement to the wrong people they will not be able to read. Using the key given by the right receiver you doublecheck your work.
Put attachments as links to a (local) cloud copy instead of the file. It is easy and quick in this case to delete, rename, change the permission to the file so that the link included in the mail become broken.
Use encryption and send the password via a different communication way. (Once again doublechecking).
Some words more (tl;dr)
An email written on your computer is sent from your client (outlook, your web browser ...) to a sending mail server which processes the request by sending it to a receiving server. Received mail is here archived with the attachment in the final recipient area, waiting for the user to download it. Everything happens in a few moments.
You can act in each step:
Before it exits from the sending server.
Some clients and some provider online pages (gmail ...) have a grace time: they allow you to defer the sending time by a few seconds (usually up to 30): this is a compromise between immediacy shipment and the time to reconsider/realize that an attachment is missing, or there has been an inadvertent sending. You have read an undo action, but the mail has not actually been sent yet.
After it is received but not delivered to the final recipient.
Some services (Microsoft, ...) allow to pull back a mail, within a corporate network; it does not always work when the deletion occurs after synchronization by a client set to make local copies and delete only at the explicit request of the user.
If you can contact and convince the administrator of the receiving email address in time, they can delete the mail not yet downloaded.