Reddit Ads Impersonate BBC and The Guardian to Push Fake AI Investment Schemes

Reddit users are being targeted by a growing wave of sponsored scam ads impersonating major news organizations, including the BBC, the Financial Times, and The Guardian, according to new findings from Bitdefender Labs.

The campaign promotes fake AI-powered investment platforms such as Wencoin STX, Warrior Coin AI, and Nevo Coin, using fabricated celebrity endorsements, cloned news websites, fake interviews, and invented financial success stories to lure victims into depositing money.

Key takeaways

• Scammers impersonate trusted media brands such as the BBC, Financial Times, and The Guardian
• Reddit promoted posts are used to target US and European audiences primarily
• Fake investment platforms such as Wencoin STX, Warrior Coin AI, and Nevo Coin are at the center of the campaign
• The scam pages use AI-themed narratives, fake news stories, fabricated testimonials, and false urgency
• Threat actors incorporate geopolitical themes and political imagery to increase credibility
• Domains are short-lived and rapidly rotated to evade detection
• The infrastructure and tactics strongly resemble earlier investment scam campaigns observed on Meta platforms

What Bitdefender Labs found

Researchers Andrea Olariu and Emanuel Puscasu have identified multiple promoted Reddit posts masquerading as legitimate financial or breaking news stories.

Some ads claimed that:

• NVIDIA and OpenAI were “creating the future”
• Heathrow police discovered hundreds of thousands of pounds in cash
• Governments and banks were allegedly trying to “hide” a revolutionary AI investment platform
• European regulators were “silencing” articles about AI trading systems

Here are some examples of the scam ads:

Some Reddit ads delivered in video format, including what appeared to be a deepfake BBC news segment featuring a news anchor presenting fabricated financial headlines.

One recurring message stated: “No Deal in Davos: US users locked out of Warrior Coin indefinitely,” alongside footage of Donald Trump, Ursula von der Leyen, World Economic Forum imagery, and maps of the United States to create the illusion of a legitimate geopolitical news broadcast.

The promoted ads redirected users to cloned news websites visually imitating well-known publishers.

Examples observed by researchers included:

• Fake BBC pages discussing “$20 billion conversations” tied to AI investments
• Fraudulent Financial Times articles about Heathrow airport cash seizures
• Fake Guardian stories claiming governments were trying to suppress coverage of Wencoin STX or Nevo Coin

The pages featured fabricated interviews, fake profit screenshots, manipulated banking documents, false testimonials, and even fictional journalists or business editors designed to make the scam look legitimate. In many cases, the content sought to create a sense of exclusivity or conspiracy, suggesting that banks, regulators, or governments were trying to suppress public access to the investment platform.

Let’s look inside some of the bogus narratives promoted by the scammers:

Political Imagery Used to Reinforce Credibility

Bitdefender Labs also observed fake Guardian-style articles using high-profile political imagery to reinforce an sense of legitimacy and urgency.

Some pages featured photos of Donald Trump meeting with European Commission President Ursula von der Leyen, seeking to frame the scam narrative as part of major geopolitical and economic developments. These fabricated articles falsely suggested that international trade disputes, tariffs, or behind-the-scenes negotiations were somehow linked to AI-driven investment platforms like Wencoin STX.

The threat actors appeared to intentionally blend recognizable political figures, geopolitical tensions, and cloned media branding to make the scam content look authentic and financially credible.

Other fake articles claimed that authorities, banks, or European regulators were attempting to suppress information about the platform because it allegedly threatened traditional financial institutions.

This type of narrative engineering is commonly used in investment fraud campaigns to create emotional urgency, fear of missing out, and distrust in mainstream financial systems.

Scam domains identified

During our analysis, we identified several domains associated with the campaign, including:

• info.urjofferai[.]top
• europe-north.verainews[.]life
• europe-north.ureainews[.]top
• info.ureainews[.]top
• info.verainews[.]life
• info.neoofferai[.]life
• info.lqaaioffer[.]info

Researchers also observed infrastructure patterns consistent with previous investment scam campaigns, including: rapidly registered domains, cloned templates, rotating narratives, geo-targeted advertising, and fake celebrity or media endorsements.

Now, for the million-dollar question: What happens if users click on the embedded links on the fake webpages?

Our researchers found that after users clicked links embedded within the fake Guardian articles, they were redirected to a registration form allegedly used to create a “Nevo Coin” investment account.

The form requested personal contact information, including the victim’s name, email address, and phone number. To increase pressure and encourage immediate action, the page warned that registration availability was limited, claiming that once all spots were filled, new user registrations would be suspended. At the time researchers analyzed the campaign, the page claimed that approximately 1,200 registration spots remained available.

Researchers also noticed that because the registration page was embedded directly within the cloned Guardian-themed website, the threat actors sought to exploit the publication’s reputation to reassure potential victims.

One message on the page stated:

“The Guardian does not send its readers ‘left’ without checking the safety of the resource.”

This type of language appears designed to falsely imply that the investment platform had been reviewed, approved, or vetted by The Guardian itself.

After submitting the form, users were redirected to another page informing them that their request had been accepted and that a “personal advisor” would contact them within 24 hours. The final stage included countdown timers and additional urgent messaging commonly associated with investment fraud operations and high-pressure social engineering tactics.

If the tactics and templates sound familiar, that’s because they’re becoming a staple of investment-themed malvertising campaigns over the past year, with threat actors repeatedly recycling the same social engineering playbook across platforms like Facebook, Instagram, and now Reddit.

The campaign shares strong similarities with the global investment scam network we documented in March 2026, which involved Meta ads.

Like those earlier operations, the Reddit version also relies on:

Impersonation of trusted brands

Threat actors abuse the credibility of internationally recognized media outlets to lower suspicion and increase click-through rates.

AI and crypto hype

The scam narratives heavily reference artificial intelligence, automated trading, quantum algorithms, or cryptocurrency wealth generation to exploit fear of missing out.

Fake social proof

The pages include invented user testimonials claiming extraordinary returns from modest investments such as €250 turning into thousands within weeks.

Psychological pressure

Many stories imply that governments or banks are trying to suppress the opportunity, encouraging victims to act quickly before access disappears.

Multi-stage funneling

Users are first exposed to sensational Reddit ads, then redirected to fake articles, and finally funneled toward registration pages requesting personal and financial information.

How to stay safe

Investment scams are increasingly sophisticated, especially when combined with AI-themed narratives and trusted-brand impersonation.

Users should remain cautious whenever encountering sensational financial claims online.

Watch for these red flags:

• Articles hosted on strange or newly registered domains
• URLs that imitate legitimate media outlets
• Claims of guaranteed profits or unusually high returns
• “Secret” investment opportunities supposedly hidden by governments or banks
• Fake celebrity endorsements
• Urgency tactics pushing immediate registration or deposits

An easy way you can stay safe

• Verify domains carefully: Major media organizations do not publish articles on random .top, .life, or obscure subdomains.
• Be skeptical of investment promises: High returns with little or no risk are a classic scam indicator.
• Research before investing: Check whether investment platforms are licensed and independently reviewed.
• Investigate before you invest: Before engaging with a sponsored post, investment opportunity, or article hosted on an unfamiliar domain, run the URL through Bitdefender Link Checker and ask Bitdefender Scamio to analyze the advertisement, message, or website. A few seconds of verification can help you avoid sophisticated impersonation scams like those uncovered by Bitdefender Labs on Reddit.
• Use security solutions with scam protection features: Bitdefender solutions help detect malicious pages, phishing attempts, and fraudulent advertising campaigns.
• Think before you click: Sponsored content on social media platforms can still be malicious, even when it appears professionally designed.

Disclaimer: This report is published for informational and educational purposes only. The findings presented are based on independent research conducted by Bitdefender Labs using publicly available information and proprietary threat intelligence. The mention of specific domains, entities, brands, or trademarks does not imply any endorsement, affiliation, or official relationship. All trademarks referenced herein are the property of their respective owners. Bitdefender makes no representations or warranties regarding the accuracy or completeness of third-party information. Readers are encouraged to verify any information independently before taking action.