Scammers have used QR codes to steal personal information and install malicious software on phones. If you've taken any form of cyber security training for work or school then you know it's a bad idea to click on unknown links in emails you don't trust. You should apply the very same logic to QR codes, they are basically >IRL links.