A colleague of mine called me this morning. He asked why I had sent him an SMS last Friday containing only a bank account number. I had not. And the account number, xxxxxx-xxxxxxx (valid account at OP), was totally alien to me. I did not find it on my computers, mail archives or "recipient list" of my net bank. Google could not tell me anything about it (well, if you don't count the fact that when interpreted as an arithmetic expression it evaluates to a particular integer).
I went to browse my phone's log and found 10 text messages sent during a time period when I had just arrived at Jyväskylä Travel Centre. I had had a day on the road, working while traveling by bus and train. My phone (Nokia E65, sw version "1.0633.18.01 11-01-07 RM-208 Nokia E65") had been in its case, slider closed and keys locked, but with Bluetooth turned on and in discoverable mode (Shame on me!) all day long. I had touched my phone only once. That was when I allowed my laptop to use my phone via Bluetooth and open an Internet connection. The laptop is paired with the phone, but not trusted by the phone (that's why I had to press "OK" to open the connection).
Another colleague asked if he owed me something. He did not. Apparently he was one of the recipients of these mystery messages. His question woke me up. Could somebody be pulling a nice scheme using a Bluetooth (or some other) vulnerability? If this is the case, the account number most probably is not owned by the felon himself.
I have contacted the police, reported this to Ficora, Nokia, OP and F-Secure and will file a criminal complaint.
Have a nice day. Keep your Bluetooths off.