Virgin Media O2 AI Granny Wins Award for Trapping Scammers

Virgin Media O2 won the IAB UK Joy of Digital Award this week for Daisy, an AI-generated grandmother designed to keep phone scammers talking for up to an hour. For UK SMEs, this marks a shift in cybersecurity from passively blocking threats to actively wasting attackers' time and resources. The conversational AI honeypot has already handled over 1,000 fraudulent calls, proving that defensive AI is ready for frontline deployment.

O2 deploys conversational AI to trap phone fraudsters

Virgin Media O2 took home the Joy of Digital Award this week for a defensive AI system that actively fights back against telecom fraud source. Built in partnership with VCCP's AI agency Faith, the system uses a persona named Daisy, an AI-generated elderly woman who answers calls from known scam numbers.

Using a combination of voice-to-text, generative AI, and text-to-speech, Daisy engages fraudsters in meandering conversations about knitting, fake grandchildren, and scone recipes. The system operates entirely without human intervention and has successfully kept individual attackers on the line for up to 40 minutes source.

Trained alongside professional scam investigators, the bot is designed to exploit the specific social engineering tactics criminals use on vulnerable targets. Every minute a scammer spends trying to extract fake bank details from the AI is a minute they cannot spend targeting real victims.

The shift to active defensive operations

The success of O2's honeypot means UK SMEs should stop viewing fraud prevention purely as a passive filtering problem. When you use AI to waste an attacker's time, you attack their profit margins. Scammers rely on volume and speed. A bot that stalls them for 40 minutes destroys the return on investment of their operation.

While a 50-person logistics firm isn't going to build a bespoke AI grandmother, the underlying principle of the AI honeypot is becoming highly accessible.

Vendors are already shipping conversational AI receptionists and automated screening tools that handle inbound queries. I think the real value for SMEs is deploying these tools not just for customer service, but as a primary defensive layer. If a spear-phishing caller trying to extract invoice details from your finance team gets stuck talking to an AI screener, your staff stay focused and the attacker gives up. The quiet risk here is sticking to legacy blocking tools while attackers use AI to scale their outbound calls. You need automated defences to match automated attacks.

Three steps to upgrade your inbound defences

1. Audit your public contact points. Identify which phone numbers and generic email addresses receive the highest volume of social engineering attempts.
2. Review your voice stack. Check if your current cloud PBX provider offers AI-based call screening or virtual receptionists. Tools that transcribe and evaluate caller intent before routing are becoming standard.
3. Train staff on AI voice cloning. Attackers are using generative audio to impersonate executives. Ensure your finance and HR teams have a hard, out-of-band verification process for any urgent payment requests made over the phone.