I received a tip that attackers are targeting content aggregators and mobile subscribers via Web-based forms. Here's how it works: an attacker identifies a form that triggers an SMS message to be sent (the "Forgot my PIN" form seems like a common target), and slams the form with thousands of requests for PINs from either one address or from a botnet of hacked computers. This could lead to leads to tens of thousands of dollars in messages costs to the aggregator and, potentially, to the phone numbers targeted. I don't know if this type of attack is common, but it's dead simple to exploit.