QR codes are everywhere: menus, parking meters, flyers, packages, and email attachments. The problem? A QR code is just a link in disguise, and you can’t tell where it leads by looking at it. Scammers exploit that with “quishing” (QR-code phishing), codes that send you to fake login pages or malware. University IT advises users to scan with caution.

• Preview the URL before opening. Your phone’s camera shows the web address first. Check that it’s the real, expected site before tapping.
• Be extra skeptical of codes in emails and texts, especially ones creating urgency using language like verify your account, your package is held, or pay now.
• Use your built-in camera, not a random ”QR scanner“ app from an app store.
• Stop if it asks you to log in or pay. Navigate to the site directly through a browser or app you trust instead of through the code.
• When something feels off, don’t scan.