Tap your smartphone and approve a charge on your phone bill? That's not possible, is it?
Yes, it is.
And the Federal Trade Commission says Jesta Digital, a mobile marketing company, used this little-known billing technique to cram unwanted and unauthorized charges onto consumers' mobile phone bills.
Jesta, a California company that also does business as Jamster, has settled the claims with the FTC, agreeing to pay a refund to customers, a $1.2 million fine and change the way it does business.
In its complaint, the FTC said Jesta ran pop-up ads designed to look like virus alerts that appeared when people played the "Angry Birds" game using the free version of the mobile app on their Android phones. Rovio Entertainment, the company that created "Angry Birds," is not named in the complaint.
These were paid ads designed to "dupe consumers into clicking on the banner ads," according to the FTC. They featured a little green robot similar to the Droid character and were made to look like a legitimate warning that a virus or viruses had been detected.
"They were frightening people into thinking their mobile device was infected and they had the software to fix it," said Lois Greisman, associate director at the FTC.
But in reality, the investigation found, Jesta did not actually scan any devices, and it detected no viruses.
The pop-up ads were designed to get people to click on a "remove" button, which took them to a series of screens that talked about virus protection. The FTC's complaint said people who landed on those pages and tapped anywhere on the screen unknowingly authorized a $9.99 monthly charge for ringtones and other mobile content.
(Read more: Messaging apps hit gold as 'emojis' head west)
According to the FTC complaint, Jesta "misused" a novel and little-used billing method known as Wireless Access Protocol, or WAP. This kind of billing captures the phone number of a mobile device for billing purposes even though the customer has not manually entered that information or specifically agreed to the charge.
"I think that's pretty outrageous," Greisman said.
This is believed to be the first case ever brought by the federal government involving WAP billing.
Did company executives know this was a questionable practice?
The FTC's lawsuit quoted an internal company email in which a Jesta executive wrote that the chief marketing officer was "anxious to move our business out of being a scam and more into a valued service."
The attorney who represented the company in this case provided CNBC.com with the following statement:
"Our client is pleased to have resolved this issue. The particular advertising campaign alleged by the FTC to have been deceptive was shut down when Jesta management learned of it. Jesta is an industry-leading provider of premium mobile content to consumers, and its advertising campaigns are all compliant with or exceed the standards set by the Mobile Marketing Association."
Greg Stuart, chief executive of the Mobile Marketing Association, said he was troubled by what the FTC claims happened here.
"Clearly, these guys were just bad actors. There's no question about that from what I can see," he said.
(Read more:Are there bogus charges on your phone bill?)
Stuart pointed out that the association's best practice guidelines call for a secondary confirmation before anyone is billed for a transaction initiated from a mobile device—something Jesta did not do.
The FTC doesn't know how many people unwittingly paid Jesta Digital, but Greisman said she believes the numbers are substantial.
Jesta will notify anyone charged for services they did not authorize between Aug. 1 and Dec. 7, 2011, that they are entitled to a refund. Some of these notices will come in the form of a text message.
The company will automatically provide full refunds to anyone who was billed between Dec. 8, 2011, and Aug. 23, 2013, for any charges related to an advertising claim that the person's device was infected or that the company could provide software to protect their mobile device.
You can contact the company directly at email@example.com or at 866-856-5267. If you have questions about the case, call the FTC at 202-326-3523.
Scareware like this pop-up ad is not new. Scammers make millions of dollars a year tricking people into thinking their personal computers are infected. And as more of us move to mobile, so will the bad guys.
"Mobile users need to beware," said Robert Siciliano, online security expert for McAfee. "Going forward, you are now prime targets, too.
So when you see a pop-upthat claims you have some type of security issue, chances are you don't.
"Never click links in articles or advertisements unless you are running antivirus software on your mobile device," Siciliano warned. "The risks are just too great and infection is inevitable."
Experts say the best way to protect yourself is to check your bill every month and look for unauthorized charges.
More from TODAY Money:
- Flying family dilemma: Lug the car seat or pay up at rental counter?
- Feds: Bank chairman used bailout money to buy luxury condo
- People saving more for college, but still not enough