Take a good look first: Make sure the QR code is legit, especially printed codes, which can be pasted over with a different (and potentially malicious) code.

Only scan codes from trusted entities: Mobile users should stick to scanning codes that only come from trusted senders. Pay attention to red flags like a web address that differs from the company URL — there’s a good chance it links to a malicious site.

Watch out for bit.ly links: Check the URL of a bit.ly link that appears after scanning a QR code. These links are often used to disguise malicious URLs, but they can be safely previewed by adding a plus symbol (“+”) at the end of the URL.