QR codes are seemingly everywhere now. Sure QR, or quick response, codes for smartphones have been around for at least a decade, but unlike other areas of the world like China, they never quite caught on here in the U.S. Until the pandemic, that is.

Suddenly we’re scanning black and white squares to look up restaurant menus, pay for drinks at bars, and check into doctors appointments.

And while the pandemic is—fingers crossed—under control, QR codes are still everywhere, and I love it. Scanning a code is easier than having to bug a waiter for a menu. Plus, I get to keep staring at my phone during dinner no matter how much my loving wife tells me to put it away.

But like any popular piece of technology, QR codes come with a risk. Cybercriminals are altering QR codes in public with stickers and sending phishing emails with malicious codes to trick people into visiting nefarious sites, downloading malware, and stealing user information.

There are, however, ways you can avoid falling victim to these scams.

Check for stickers and URLs

QR codes are generally used to quickly get you to a website without having to type in a URL. That’s more or less how those digital restaurant menus work. But, according to a recent FBI alert, cybercriminals are altering those codes to sucker victims into visiting fraudulent websites.

It’s not just restaurants, either. I’ve seen phony stickers slapped onto QR codes outside of a nearby elementary school that parents use to check their kids in each morning.

The gist of this approach is to try to get you to download an app that can steal your data. To ensure you don’t fall for a scam, check to see if a sticker has been placed on top of a QR code. If it looks like somebody tampered with a code, don’t scan it, and report it to the business where you found the fake code.

If you’re unsure of a code, check out the URL the QR code takes you to. If it’s not for the site you’re expecting, close out your browser immediately to prevent your device from potentially downloading any apps you don’t recognize.

Don’t enter your personal or payment information

If you’re using a QR code to make a payment or sign up for a service and you’re in a rush, it’s easy to forget to check the URL for the site you’re viewing. And that’s how cybercriminals get their victims.

To dodge this kind of scam, try to avoid entering your data in any web portal you access via a QR code. Instead, if you’ve got to make a payment or make an appointment for yourself, use the appropriate company or office’s website by typing in the URL on your own.