The data stored in a QR code can include website URLs, phone numbers, or up to 4,000 characters of text. QR codes can also be used to:
Direct users to a web page
Link directly to download an app on the Apple App Store or Google Play.
Authenticate online accounts and verify login details.
Access Wi-Fi by storing encryption details such as SSID, password, and encryption type.
Send and receive payment information.
Add contacts to your phone, or send messages to existing contacts
Direct your device to a malicious web page containing malware
Add fake contacts to the contact list.
Connect the device to a malicious network.
Send text messages to one or all contacts in a user’s address book.
Complete a telephone call to a telephone number that imposes charges on the calling phone.
Send a payment to a destination where it cannot be recovered.
Do not scan a randomly found QR code.
Be suspicious if, after scanning a QR code, a password or login information is requested.
Do not scan QR codes received in emails unless you know they are legitimate.
Do not scan a QR code if it is printed on a label and applied atop another QR code. Ask a staff member to verify its legitimacy first. The business might simply have updated what was their original QR code.