More consumers are buying smartphones. So more criminals are taking aim at those devices.

Criminals still prefer PCs for stealing personal data, bank and credit card account numbers as well as for running frauds. However, most PC attacks focus on Microsoft’s decade-old Windows XP operating system, which is slowly being replaced by the more secure Windows 7. Over the next few years, hackers will have to find new targets.

With smartphones outselling PCs for the first time — 421 million of the hand-held computers are expected to be sold worldwide this year, according to market analysts at IDC — the long-predicted crime wave on hand-held devices appears to have arrived. According to the mobile-security firm Lookout, malware and spyware appeared on 9 out of 100 phones it scanned in May, more than twice the 4-in-100 rate in December 2009.

In fact, the most practical rule for protecting yourself is to start thinking of the smartphone as a PC.

Most malicious incidents on mobile devices involve bogus phone or text-message charges or rogue mobile applications, of which there are now more than 500 varieties, according to F-Secure, a Finnish security firm. All these ruses require users to take some kind of action, like clicking to accept or install a program, so caution while using mobile devices can prevent most problems. (However, experts warn that automated attacks are possible and could emerge in the future.)