There seems to be a vulnerability in TouchWiz, Samsung’s touch interface. It appears that the "tel" type in the "<a>" tag will not prompt you for confirmation if the number being dialed is a system command.
For instance, because we love humor and the misfortune of others, we have this HTML page:
<html> <head></head> <body> <a href='tel:*2767*3855%23'>Click here for customer support</a> </body> </html>
When our dear friend on their Samsung device clicks the link, they will hard-reset their phone with no confirmation. It seems that it will only prompt you if the number is one that will cost you $$$ for making a call.
WARNING – Feeling adventurous and want to try it out on your self? Do it at your own risk, it will erase all data on your phone and revert it to factory settings.
Some crazy iPhone fanboi is offering up the link for all to click on 🙂
***** UPDATE *****
The H-Online reported that there is a new app on the Google Play that will intercept and prevent hard-resets from the above exploit. The app is called NoTelUrl developed by Jörg Voss.