
Doros Hadjizenonos is South Africa sales manager at Check Point Software Technologies.


QR codes are intended to take users quickly and easily to information about products and services, but they are also starting to be used as a vehicle for social engineering attacks. The emergence of QR scan scams is a rising concern for users.

The core problem with QR codes is that a human cannot read them. Users are forced to trust the integrity of whoever supplied the code, and to assume that the destination it leads to is legitimate, because the code itself gives no hint of where it points.

Social engineering attacks rely on human curiosity: the same impulse that makes a user open an unexpected attachment makes them scan a QR code to see what it leads to, and the scan silently launches whatever action the code encodes.

Let’s look at how a potential QR code-based exploit could be mounted, and then at how to defend against it.

The first step in mounting a QR attack is to distribute the code itself.

One way to do this is to embed the QR code as an image in an e-mail, turning it into a phishing attack with a twist: because the link is hidden inside an image rather than written as text, e-mail filters that inspect or rewrite links do not see it, and the user scans it with a phone that may sit outside the organisation's security controls.

Once the QR code is distributed, the attacker has a multitude of scam options. At a basic level, the code could simply redirect users to fake Web sites for phishing purposes – such as a fake online store.

More sophisticated attacks use the QR code to send users to Web sites that try to exploit the mobile browser or trick the user into installing an app, so that malware such as a keylogger ends up running on the device without the user's knowledge or permission.

The biggest potential risk to users is the rising use of mobile banking and payments via smartphones. This could give hackers virtual pick-pocket access to mobile wallets.

The most important precaution is being able to establish exactly what link or action the QR code will launch when it is scanned. Some (not all) QR scanning applications show the decoded content first and ask the user to confirm before acting on it; use one that does, and treat a shortened URL (which hides the real destination even in a preview) or a code that wants to do something other than open a Web page (join a Wi-Fi network, send an SMS, install an app) with extra suspicion.
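The preview-and-confirm step described above can be made more useful than a raw string dump. The following added example (not part of the original column, and not code from Check Point) takes the text decoded from a QR code and reports what kind of action it would trigger and which warning signs a user should look at before confirming. The shortener list and the sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Hypothetical list of URL shorteners: a preview of the payload alone cannot
# reveal where a shortened link finally lands.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# Non-web payload schemes that a scanner app may hand straight to the OS. Each
# one triggers an action (call, SMS, app install, Wi-Fi join) rather than
# merely displaying a page.
ACTION_SCHEMES = {"tel", "sms", "smsto", "mailto", "market", "intent", "wifi", "mecard"}


def triage_qr_payload(payload: str) -> dict:
    """Classify a decoded QR payload and list reasons to hesitate before acting.

    Returns {"kind": "url" | "action" | "text", "target": ..., "flags": [...]}.
    This is the check a scanner's confirm dialog should perform for the user.
    """
    text = payload.strip()
    flags = []

    # Take the scheme from the prefix before the first ':' so that formats such
    # as "WIFI:..." and "MECARD:..." are recognised even though they are not URLs.
    head, sep, _ = text.partition(":")
    scheme = head.lower() if sep else ""

    if scheme in ACTION_SCHEMES:
        flags.append(f"non-web action scheme '{scheme}'")
        return {"kind": "action", "target": text, "flags": flags}
    if scheme not in ("http", "https"):
        # Plain text (product description, serial number) performs no action.
        return {"kind": "text", "target": text, "flags": flags}

    parts = urlsplit(text)
    host = (parts.hostname or "").lower()

    if scheme == "http":
        flags.append("plain http: destination can be tampered with in transit")
    if parts.username is not None:
        # "https://bank.example@evil.example/" - the part before '@' is a
        # username, not the host; the browser goes to what follows it.
        flags.append("credentials before '@': the real host is " + host)
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode label: possible look-alike domain")
    if host in SHORTENER_HOSTS:
        flags.append("URL shortener: true destination is hidden")
    if len(host.split(".")) > 4:
        flags.append("deep subdomain: a brand name may sit left of the real domain")
    if len(text) > 200:
        flags.append("unusually long URL")

    return {"kind": "url", "target": host, "flags": flags}


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner library would return them.
    samples = [
        "https://www.example.com/product/42",
        "http://paypal.com@203.0.113.5/login",
        "https://bit.ly/3abc",
        "WIFI:T:WPA;S:FreeWiFi;P:secret;;",
        "Serial 4711",
    ]
    for s in samples:
        result = triage_qr_payload(s)
        print(f"{result['kind']:6} {result['target']}")
        for f in result["flags"]:
            print("   !", f)
```

The function deliberately does not fetch anything: resolving a shortener or following redirects would already perform the action the user is trying to evaluate. A scanner app would show the `target` and the `flags` and leave the decision to the user.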

In conclusion, the risks presented by QR codes are really a new spin on well-established phishing and malware delivery tricks. The basics still apply: be cautious about what you scan, look at where a code is taking you before you let it act, and make sure any site where you enter credentials or payment details is served over an encrypted (HTTPS) connection.