
Imagine getting a phone call that promises to change your financial future.
The person on the other end sounds confident. They talk about artificial intelligence, market analysis, and extraordinary profits. Then they mention two names almost everyone recognizes: SpaceX and Elon Musk.
"Have you heard of SpaceX? Have you heard of Elon Musk?" the caller asks.
They explain that a major opportunity is unfolding and suggest that people who act quickly could earn life-changing returns.
For someone unfamiliar with investment scams, the pitch might sound convincing.
According to a Bitdefender Labs investigation, however, this call was just one piece of a much larger ecosystem that spent months building investor excitement around SpaceX-related opportunities. Across SMS campaigns, social media advertisements, email newsletters, webinars, and phone calls, researchers observed a coordinated effort to capture attention, build credibility, create a sense of urgency, and ultimately persuade potential victims to invest.
For years, investors speculated about whether SpaceX would go public. Elon Musk's global profile, SpaceX's remarkable growth, soaring private valuations, and relentless media attention created a rare combination of hype, curiosity, and investor demand.
But those same factors also made SpaceX attractive to scammers.
This isn't the first time Bitdefender researchers have encountered SpaceX-themed fraud. Over the years, threat actors have repeatedly exploited public fascination with Elon Musk, Tesla, SpaceX, and emerging technologies to promote everything from cryptocurrency giveaway scams to fraudulent investment opportunities and AI-powered trading platforms.
Bitdefender Labs researchers have repeatedly documented how threat actors exploit Elon Musk's name, image, and reputation in fraud campaigns ranging from cryptocurrency scams and fake giveaways to deepfake promotions and AI-powered investment platforms.
When speculation about a future SpaceX IPO intensified throughout 2025, opportunistic actors found a ready-made audience. Long before the company publicly filed its IPO paperwork, investors were searching for information, discussing valuations, and looking for ways to gain exposure to what many viewed as a once-in-a-lifetime opportunity.
But as this excitement grew, so did the volume of SpaceX-themed ads, emails, SMS campaigns, webinars, and investment pitches. Scammers are all aboard the SpaceX train alongside the millions of investors eager not to miss out.
Rather than appearing overnight, the ecosystem evolved over many months.
Researchers at Bitdefender Labs Alexandra Dinulica and Vlad Sireanu observed early investment-themed scam emails promoting SpaceX- and Starlink-related opportunities, encouraging recipients to position themselves ahead of future developments.
SMS campaigns joined the ecosystem, expanding the narrative beyond email audiences and increasing reach.
Claims involving artificial intelligence, growth opportunities, and major corporate developments began appearing more often. Webinar-style promotions and educational content were also used to attract potential investors.
The same themes started appearing across multiple channels simultaneously, suggesting a coordinated effort to reinforce the narrative through repeated exposure.
As SpaceX moved closer to its public debut, researchers observed increasing numbers of promotions referencing future valuations, market opportunities, and investment strategies tied to the company's anticipated listing.
Campaign activity reached peak intensity. Scam ads, smishing campaigns, scam emails, and investment pitches increasingly focus on urgency, deadlines, and fear of missing out.
Even after SpaceX's market debut, operators continued promoting "final opportunities" and follow-up investment offers designed to capitalize on lingering excitement.
Researchers observed SpaceX-themed investment promotions targeting users across multiple regions, including the United States, Spain, Sweden, Slovenia, Croatia, Poland, Italy, France, South Africa, Singapore, Jordan, and the Philippines, among others. Campaigns appeared in multiple languages and adapted the same narrative to different markets, suggesting a broad international effort rather than a localized operation.
One of the most interesting findings from our investigation was that each channel served a different purpose.
Advertisements often acted as the first point of contact.
Researchers observed promotions built around messages such as:
"SpaceX IPO: The $350B milestone reached."
"SpaceX goes public tomorrow."
"The biggest IPO opportunity in Wall Street history."
"Elon Musk's automatic income."
"Trade tokenized SpaceX, Anthropic and OpenAI."
Some ads promoted supposed early access. Others focused on extraordinary returns or AI-powered investing. While the wording varied, nearly all were designed to generate excitement and drive engagement.





Emails added even more context and legitimacy to the narrative. Recipients were invited to webinars, encouraged to read investment reports, or introduced to supposedly overlooked opportunities connected to SpaceX and emerging technologies.
Some campaigns spotted this month sought to create a sense of exclusivity rather than urgency. Bitdefender researchers also observed emails inviting recipients to submit "eligibility requests" for potential participation in a SpaceX IPO. Rather than selling an investment outright, these messages positioned the recipient as a candidate being evaluated for access to a limited opportunity, a tactic designed to increase engagement and trust.

The campaigns also demonstrated significant geographic reach. According to Bitdefender Antispam Lab researcher Viorel Zavoiu, SpaceX-themed investment emails were observed across multiple continents, with particularly high volumes detected in Australia, the UK, Ireland, Germany, Romania, France, and South Africa.
This broad distribution suggests operators were not targeting a single market but trying to capitalize on global interest in SpaceX and Elon Musk.
SMS campaigns shifted the narrative from curiosity to action.
Messages emphasized deadlines, countdowns, and limited-time opportunities.
Examples included:
"Countdown to SpaceX IPO."
"The filing just happened. You've got days."
"Final window."
For some targets, the final stage involved direct contact.
Phone calls promoted investment platforms, AI-driven trading systems, and opportunities supposedly connected to major market developments.
While bogus ads, emails, and SMS messages helped build awareness and credibility, the final stage often involved direct human interaction.
One particularly revealing example involved a call received by a Bitdefender honeypot.
In early June, researchers knowingly provided contact information to a suspicious investment website. Days later, on June 12, a Spanish-language honeypot received a 16-minute phone call from a German phone number promoting an AI-assisted investment platform.
The caller repeatedly referenced SpaceX, artificial intelligence, and extraordinary profits.
At one point, the caller claimed:
"I make over €11,000 every week."
The caller also attempted to explain the platform's capabilities:
"We're going to generate a highly experienced financial analysis for you so that, using artificial intelligence, we can generate profitability."
The explanation sounded sophisticated but provided little insight into how the investment platform actually operated.
The SpaceX narrative was used repeatedly throughout the conversation:
"Have you heard of SpaceX? Have you heard of Elon Musk?"
Later, the caller attempted to reinforce a sense of urgency by suggesting that people who acted quickly could achieve exceptional results.
When the recipient expressed hesitation, the pressure tactics became even more apparent:
"Either you're afraid of achieving those kinds of results, or you're afraid of earning that kind of money."
While the callback itself was expected after the lead submission, the sales pitch raised multiple red flags common to investment scams: promises of exceptional profits, limited explanations of how the platform worked, pressure tactics designed to overcome hesitation, and repeated references to high-profile brands and public figures to establish trust.

While SpaceX and Elon Musk served as powerful hooks throughout the campaign, another recurring theme appeared repeatedly: artificial intelligence.
Across ads, emails, and investment pitches, researchers observed frequent references to AI-powered investing, automated trading systems, and algorithms capable of generating exceptional profits.
This mirrors trends seen in previous investment scam campaigns investigated by Bitdefender, including operations that used deepfake videos, fabricated endorsements, and AI-themed trading platforms to create the appearance of legitimacy.
The SpaceX-themed scam campaigns observed by Bitdefender Labs highlight how modern investment scams rarely rely on a single channel of communication. A potential victim might first encounter an advertisement on social media, receive follow-up emails or SMS messages, click through to an investment website, and eventually speak with someone over the phone (a pattern we’ve previously covered in our research).
That makes layered protection more important than ever.
Before acting on any investment opportunity:
Be particularly skeptical of opportunities that:
If you encounter an investment opportunity online, take a few moments to verify it before clicking.
Free tools such as Bitdefender Scamio can help analyze suspicious messages, investment pitches, social media posts, or emails for signs of fraud.
If an advertisement or message contains a link, Bitdefender Link Checker can help determine whether the destination appears suspicious before you visit it.
One of the most important lessons from this investigation is that scammers increasingly operate across multiple channels at once.
A user may encounter:
This is why comprehensive protection matters.
Security solutions that help identify scams across web browsing, messaging apps, social media platforms, SMS messages, and incoming calls can significantly reduce exposure to fraudulent investment schemes before they reach the point of financial loss.
This article is published for informational and educational purposes only. The information presented is based on technical research conducted by Bitdefender Labs and publicly available sources. Bitdefender does not make any legal determination regarding the activities described herein. The mention of any company, brand, domain, or individual does not constitute an accusation of illegal activity. Readers should exercise their own judgment and consult appropriate authorities or legal counsel if they believe they have been affected by any of the activities described. Domain names and URLs listed in this article are provided solely to help consumers and security professionals identify potentially harmful infrastructure. Bitdefender disclaims any liability for actions taken based on the information in this article.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all posts