Some security researchers think that the fact that the iPhone lets you tap a phone number to dial it in Safari and Mail is a potential security risk. They warn that you could be tricked into dialing expensive 1-900 numbers or, worse, your iPhone could be trapped into a malicious loop or its dialing capabilities disabled.
While it’s true that the potential for malicious applications exist, other security researchers say that the iPhone risk is being overblown.
“If you can make calls from the Web browser, you can make fake calls from the Web browser,” [Dave Aitel, chief technology officer with Immunity] said via instant message.The rule of thumb here is, honestly, the same as it’s ever been. Try to avoid suspect websites or spam emails that lure you into clicking on links. Remember that you can use the iPhone’s pop up link trick to verify links (unfortunately, it doesn’t appear that that works for phone number links in Safari just yet, but perhaps Apple will change that).
Remember, this is not iPhone specific, and applies to any cell phone with the capability to dial from a browser link. If you can be fooled into opening your wallet to thieves, I predict you will be taken in.