QR codes have become ubiquitous in recent years. The black and white square barcodes can be found everywhere — from parking meters to restaurant menus and advertisements. While QR codes provide a quick and easy way for businesses to direct customers to websites and apps, they also pose security risks that consumers should be aware of.

The Federal Trade Commission (FTC) recently issued a warning about QR code scams, urging the public to be cautious when scanning codes in public places. As QR code scanning has grown more commonplace, scammers have found ways to exploit the technology to steal personal information and money. They may cover up legitimate QR codes with stickers containing codes that direct victims to malicious sites designed to steal login credentials, install malware, or collect sensitive information.

“There are reports of scammers covering up QR codes on parking meters with a QR code of their own,” the FTC release stated. “And some crafty scammers might send you a QR code by text message or email and make up a reason for you to scan it.”

While QR codes themselves are not inherently dangerous, the links and websites they direct users to may be malicious. Over the past decade, QR code use has exploded, thanks largely to the convenience they provide. With smartphone cameras, QR codes give users instant access to websites without having to type in long, complex URLs.

Businesses have capitalized on this functionality, using QR codes on everything from menus to advertisements to collect customer data and drive traffic to websites. Payment platforms like Venmo and PayPal have integrated QR code payments. With QR codes becoming so deeply embedded into customer transactions, savvy scammers have spotted opportunities to exploit them.

Parking meters are a prime example of everyday infrastructure now frequently covered with QR code stickers. Unsuspecting drivers, accustomed to scanning codes to pay for parking, may not notice that a scammer has placed the sticker there to steal credit card details and other personal information. Likewise, QR codes sent unsolicited via text or email should give users pause, even if they appear tied to legitimate businesses or sources.

While vigilance is required, there are steps both businesses and consumers can take to enjoy the convenience of QR codes safely:

Businesses should monitor their QR code signage routinely to check for tampering. Only use trusted shortened URLs or links to internal pages on company domains. Consumers should avoid scanning unexpected QR codes and ask questions when uncertain. Check the destination URL before tapping links and make sure it matches expectations. Apply healthy skepticism just as with emailed links.

QR codes do not have to enable cybercrime. Staying informed on the latest threats allows us to weigh convenience versus safety. With caution and common sense, QR codes can continue providing businesses and customers with a better experience.