Scanning a QR code using a phone or tablet can cause malware to be installed in the device. The QR code may also be a phishing scheme, and small phone screens provide only a limited view of a website, which makes the site easier to fake. The small screen also hides a lengthy URL so that the address in view seems valid.
QR codes can extract a user's contact list for spam or other nefarious purposes. They can also be used to pinpoint a user's location and create a calendar event, both of which can be used in conjunction with other attack methods to rob the user. A QR code can be used to gain control of an app or the OS itself. In summary, although the overwhelming majority of QR codes are used for legitimate purposes, some are nefarious. See
QR code,
malware,
attack vector and
phishing.