"How many people here see their bill?" Niemela asked. In an audience of more than 100 people, no one raised a hand.
Other exploits for smartphones include fake applications that trick people into paying for them, and offers that include monthly charges in the fine print, similar to other online scams, Niemela said.
Some fake applications have been focused on banking apps, Niemela said. "That's scary," he added. "Those could have just as easily been banking Trojans."
Security researchers have also noticed scams where criminals are combining the Zeus Trojan, which typically steals personal information from PCs, with a mobile component, he said. In one case, criminals targeted customers of a bank in Spain.
The Zeus Trojan inserted a field on the bank's website asking for the user's SMS information and phone number. The criminals then sent a message to the customer's mobile phone, saying that their mobile-phone operating system needed to be updated. When customers downloaded the update, a Trojan was installed on their phone.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.