Over the last several years you’ve probably noticed QR Codes popping up more and more: from restaurant menus to gas pumps, those camera-scannable blocks can quickly link you to websites, payment methods, and more.

Unfortunately, the bad guys have been noticing this trend as well and have started using QR Codes as part of sophisticated phishing attacks, which some experts are calling “quishing.” There seem to be several reasons for the rise in these attacks, including the fact that people have gotten much better at avoiding traditional phishing emails and text messages. Automated systems that detect spam and malicious messages have also gotten better over the past few years, which could also explain why criminals are using QR Codes to obfuscate malicious URLs and other potentially harmful data.

Considering the increase in the number of attacks being spotted in the wild, it would be a good idea to incorporate warnings about the risks of scanning unknown QR Codes in your next round of cybersecurity training and phishing tests. Smartphone manufacturers are responding to this threat as well, with most built-in camera apps now requiring confirmation before opening a link from a QR Code. This can allow the user to scrutinize the URL and make sure it’s going to take them where they want to go.

Using multi-factor authentication on your devices can also help mitigate a potential quishing attack, but watch out, multi-factor authentication verification emails are themselves a popular target for criminals. “Quishing” may be new, but the best way to avoid these attacks, awareness, remains the same.