A new wave of sophisticated phishing scams is targeting Bank of Valletta (BOV) clients, with fraudulent messages appearing within the same SMS thread as genuine communications from the bank, making them appear legitimate and increasing the risk of victims being deceived.

The scam messages, which closely mimic BOV’s official alerts, claim that a new phone number has been added to a customer’s account. They then urge recipients to click on a link such as 24x7bov-help.com if the change was not authorised.

These fake URLs are not affiliated with BOV and are designed to steal users’ online banking credentials or other personal data.

The deceptive nature of this latest scam lies in its integration into existing BOV message threads, making it appear as if the alert came directly from the bank’s verified SMS number. This manipulation of message grouping - known as 'thread injection' - is an advanced form of phishing now being seen across Europe.

When customers called BOV to as they though the message was genuine, BOV personnel warned them not to click on any links sent via SMS or email, and to access their online banking only through the official BOV website or mobile app.

Cybersecurity experts are advising the public to remain vigilant, avoid clicking on suspicious links and verify all messages directly with the bank using official contact channels.