ISP Impersonation Scams UK: BT, Sky, Virgin Media and Openreach Fraud Calls
A deep investigation into ISP impersonation calls targeting UK broadband customers — how scammers gain remote access to your computer, which providers are being faked, and exactly what to do if it happens to you.
- What is the ISP impersonation scam?
- Which ISPs are being impersonated?
- How the scam works — step by step
- The PSTN switchover scam
- Remote access tools used in these scams
- Most commonly reported tools
- Documented victim case
- Red flags to watch for
- What to do if you receive one of these calls
- What the networks are doing
What is the ISP impersonation scam?
You receive an unsolicited call. The caller knows your name, your postcode, and sometimes even your provider. They claim to be from BT, Sky, Virgin Media, Openreach, or a 'technical partner' and say there is an urgent fault on your line, malicious traffic from your router, or an equipment issue that must be fixed today. They sound calm, professional, and credible. This is a scam. Criminals impersonating UK internet service providers are cold-calling households across the country in one of the most damaging phone fraud campaigns currently active. According to Action Fraud, over 20,144 people in the UK became victims of remote access scams, losing an average of £2,868 each. The goal is always the same: to get remote access to your computer so they can steal banking credentials, drain accounts, and install backdoors for future access.
Which ISPs are being impersonated?
- BT — the most commonly impersonated provider. Scammers pose as BT engineers or 'BT Technical Support', exploiting the Digital Voice switchover. Victims are told to pay for line migration or grant remote access for urgent repairs.
- Sky — callers claim your Sky box or broadband has a fault, or that your account shows suspicious activity. They request login credentials or remote access to 'secure' your account.
- Virgin Media — fake Virgin engineers claim there are cable faults or speed issues. VMO2 now flags over 70 million suspected scam calls per month through AI-powered detection technology.
- Openreach — because over 650 UK service providers use the Openreach network, claiming to be 'from Openreach' gives scammers near-universal cover. Openreach never calls customers directly.
- TalkTalk — TalkTalk was targeted so heavily it once banned TeamViewer and AnyDesk from its network entirely. Impersonation scams continue exploiting previous TalkTalk data breaches.
- Plusnet — as a BT Group subsidiary, Plusnet customers are regularly caught in scams targeting BT infrastructure. Callers threaten disconnection unless immediate action is taken.
- EE, Three and other providers — mobile network impersonation includes fake 5G SIM upgrade emails and calls about suspicious device activity.
How the scam works — step by step
- Step 1 — The cold call: You receive an unsolicited call from someone claiming to be from your ISP or Openreach. They may already know your name, address, and provider, sourced from previous data breaches. This familiarity is engineered to lower your defences.
- Step 2 — The manufactured crisis: A fabricated urgent problem is presented: a line fault, malicious traffic from your router, a disconnection deadline, or impending equipment failure. The emotional pressure is deliberate.
- Step 3 — Installing the remote tool: You are directed to a website and told to download AnyDesk, TeamViewer, UltraViewer, LogMeIn, or GoToAssist. The caller guides you through granting full access, framing it as 'letting the engineer take a look'.
- Step 4 — Total control: With remote access established, the attacker can see your screen, control your mouse, read your files, intercept one-time passcodes, and access banking apps — often behind a fake 'working' screen overlay.
- Step 5 — The drain: While claiming to run diagnostics, they open your online banking, move funds, add new payees, and transfer money to accounts under their control. Victims often aren't aware until hours later.
- Step 6 — The cover-up: Before disconnecting, some scammers install persistent backdoor software. Others call back the next day posing as 'fraud investigators' to extract more.
The PSTN switchover scam
In a particularly widespread variant, criminals exploited the UK's nationwide migration from copper (PSTN) landlines to broadband-based Digital Voice services. Fraudsters impersonating BT engineers called victims and warned of an imminent 'January 2025 deadline', using real industry terminology and demanding payment or remote access to complete the migration before disconnection. What made this scam unusually effective was its use of genuine, accurate information — the switchover was real, the deadline had been publicised, and scammers sourced personal data from previous breaches so they knew your name, address, and provider before dialling. Key fact: the UK PSTN switchover is entirely free of charge. No ISP will ever call you and ask for payment to migrate your landline. The original January 2025 deadline was subsequently postponed — the new UK-wide deadline is now 31 January 2027. Anyone citing the original deadline to create urgency is running a scam.
Remote access tools used in these scams
These are legitimate software products used every day by genuine IT professionals. Criminals exploit them precisely because they are trusted and widely available. In 2017, TalkTalk banned TeamViewer and similar software from its network entirely after sustained scam campaigns targeting its customers.
Most commonly reported tools
- TeamViewer — the most commonly reported tool in UK remote access scams, according to Which? magazine
- AnyDesk — used in large-scale campaigns; over 1,300 fake AnyDesk websites have been identified, some bundling Vidar infostealer malware, with infrastructure traced to Russia
- UltraViewer — frequently used as an alternative when victims are familiar with the better-known tools
- LogMeIn — reported in multiple UK cases documented by Which?
- GoToAssist — used in customer support impersonation scams
Documented victim case
In a case documented by Which? magazine, a retired woman received a call from someone claiming to be a BT engineer. She was told malicious activity had been detected from her router. Guided to download TeamViewer and log into her banking accounts to 'verify the firewall was working', she handed over security codes she believed were setting up new protection. Attackers transferred funds through First Direct to external accounts using her existing payees, bypassing new-payee security checks. The transfers were labelled 'flights' to avoid automated fraud detection. She lost £155,000. This case illustrates the core mechanism of all ISP impersonation scams: the victim is made to feel in control while the criminals observe and act in the background.
Red flags to watch for
- An unsolicited call claiming to be from your ISP, Openreach, BT, Sky, or Virgin Media
- Claims of urgent faults, malicious activity, or disconnection threats you were not previously aware of
- Requests to install any remote access software including AnyDesk, TeamViewer, or UltraViewer
- Requests for payment to migrate your landline to Digital Voice — this is always free
- Being asked for banking passwords, PINs, or one-time passcodes over the phone
- Pressure to act immediately before an imminent deadline
- Being told not to contact your bank or hang up
- Caller already knows your name, address, or provider — this does not prove they are legitimate
- Being directed to a website that looks like your ISP's site — check the URL carefully
- Calls from spoofed numbers that appear to match your ISP's official contact numbers
- Being transferred to a 'senior engineer' or 'fraud team' to add credibility
- Being called back by a 'bank fraud team' shortly after — this is often the same criminals
What to do if you receive one of these calls
- Hang up immediately — no legitimate ISP will object to you ending the call
- Call your ISP back using the number on their official website or the back of your bill — not a number the caller gave you
- Never install remote access software at an unsolicited caller's request
- Never share one-time passcodes, PINs, or banking passwords over the phone
- If you have already installed remote software: disconnect your internet connection immediately and run a full antivirus scan
- If you have shared any financial information: contact your bank immediately on the number on the back of your card
- Report the call to Action Fraud on 0300 123 2040 or at actionfraud.police.uk
- Forward suspicious texts to 7726 — free on all UK networks
- Report spoofed numbers to your mobile provider and to Ofcom
What the networks are doing
VMO2 deployed Hiya's AI-powered Call Defence system, which now flags over 70 million suspected scam and spam calls every month, up from 50 million a year earlier. Over one billion suspicious calls have been flagged in total. According to Hiya's Q4 2024 Global Call Threat Report, 32% of all unknown calls to UK phones are now classified as spam or fraud, up from 28% the previous quarter. All major UK networks — BT, EE, Sky, Virgin Media, O2, Three, and Vodafone — support scam reporting via the number 7726. Ofcom is also tightening rules on number spoofing and requiring networks to implement STIR/SHAKEN authentication, a technical standard that validates caller ID to prevent spoofing. Despite these improvements, staying alert remains essential — network filtering does not catch every call.
Frequently asked questions
Will BT, Sky, or Virgin Media ever call me out of the blue about a fault?
No. Legitimate UK internet service providers do not call customers unsolicited to report line faults, broadband issues, or equipment problems and then ask for remote access to fix them. If you receive such a call, it is a scam. Hang up and call your provider back on the number shown on their official website or your bill.
Do I need to pay anything for the Digital Voice / PSTN landline switchover?
No. The UK's migration from copper PSTN lines to broadband-based Digital Voice is entirely free of charge for all customers. No ISP — BT, Sky, Plusnet, TalkTalk, or any other — will ever call you and request payment to complete this migration. The new UK-wide deadline for the switchover is 31 January 2027. Anyone demanding payment or urgency around this is running a scam.
Is it safe to use TeamViewer or AnyDesk with someone who called me?
No. You should never install or open remote access software such as TeamViewer, AnyDesk, or UltraViewer at the request of someone who called you unsolicited. These are legitimate tools, but in the hands of scammers they give full control of your computer, including access to banking apps, passwords, and one-time security codes. Legitimate ISPs and engineers do not ask for remote access via a cold call.
What should I do if I already gave them access to my computer?
Act immediately. Disconnect your computer from the internet — unplug the ethernet cable or turn off Wi-Fi. Do not wait. Then contact your bank on the number on the back of your debit or credit card and tell them you may have been the victim of a remote access scam. Ask them to freeze your account while you investigate. Then run a full antivirus scan or take your device to a professional before reconnecting it to the internet. Report the incident to Action Fraud on 0300 123 2040.
How do scammers already know my name and address?
Personal data including names, addresses, phone numbers, and ISP details is widely available from previous large-scale data breaches. Scammers purchase or access these databases and use them to make calls sound credible. Knowing your name or address does not mean the caller is from your provider — it is a deliberate tactic to lower your guard. Always verify by hanging up and calling your ISP back on their official number.