Proxyclick/UnsplashIt’s a simple thing we encounter many times every single week – often while in a hurry. You pull up at a parking spot, scan a QR code and pay within seconds. Or you sit down at a cafe, scan a code to view the menu and order your meal.At the train station, you scan the code on the poster for timetable updates. QR codes are increasingly used in public transport systems worldwide for ticketing, payments and accessing real-time information.Because QR codes are so widespread, scammers naturally find them appealing too. Here’s what you need to know to stay safe.What are QR codes?A QR (quick response) code is a type of barcode that stores information and encoded data in a square pattern of black and white pixels. They were first developed in 1994 by Japanese company Denso Wave for labelling automotive parts.Today QR codes are widely used because they’re quick to create and easy to scan without needing a specialised scanner – a smartphone camera will do. They’re designed to remove friction: you scan, and something happens instantly.However, a QR code doesn’t show you where it leads until after it’s scanned. Your device can perform a range of functions after scanning a QR code: open up a web page, check you in to a location, or even connect your device to a wireless network without needing to type anything.That’s what makes it so useful, but also potentially risky. Malicious QR codes can redirect users to fake websites or prompt them to download harmful content. QR codes are so familiar and widespread, we tend to trust them without question. That’s exactly what scammers rely on.What to look out forPhishing – where cyber criminals “fish” for sensitive information – is the most common type of cyber crime, typically sent by email or text. When a QR code is involved, that becomes “quishing” – short for QR phishing.Scammers now include QR codes in emails or text messages instead of clickable links. When scanned, the code directs users to fake login pages or payment sites.Because there’s no visible link, these messages can seem more trustworthy and can even bypass some email security filters.Malicious downloadsSome QR codes don’t just take you to a website – they trigger an app or file download, which could contain malware. This can give attackers access to your device, data or accounts. Because the action happens quickly, you may not have time to question whether the download is legitimate.Fake QR codes in public placesOne of the simplest methods to trick people involves placing a sticker with a fake QR code over a legitimate one. For example, scammers have been caught sticking fraudulent QR codes on parking meters. When drivers scan the code, they are taken to a fake payment page and asked to enter their card details. Posters, flyers and other signs in public places may also contain malicious QR codes.Redirect scamsEven when a QR code looks legitimate, it may redirect you through multiple websites before landing on a fake page. This makes it harder to detect suspicious activity. By the time you see the final page, it may look convincing enough to trust.How to stay safeThe good news is you don’t need to stop using QR codes. You just need to use them more carefully.Treat QR codes like unknown links. If you wouldn’t click a random link, don’t scan a random QR code.Check for signs of tampering. In public places, look closely at the code. Is it a sticker placed over another one? Does anything look out of place?Look at the web address before proceeding. Many phones now show a preview of the hyperlink retrieved via the QR code before opening it. Don’t just hit “go”, take a moment to check it looks legitimate.Avoid scanning codes from unsolicited messages. If you receive a QR code via email or text asking you to log in or make a payment, don’t use it. Go directly to the official website instead.Don’t rush to enter personal details. If a site asks for sensitive information, pause. Double-check you’re on the correct website.Keep your phone updated. Security updates may sometimes feel like a nuisance, but they do help protect your device against malicious sites and downloads.QR codes are not dangerous by themselves. They are useful tools that make everyday tasks easier. But they remove a key safety step: the ability to see where you’re going before you get there.The next time you scan a QR code, take a second to think. In a world where scams are getting smarter, the safest habit is simple – don’t trust the code and verify where it leads.Meena Jha does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.