An anonymous reader writes: It turns out that people scan QR codes simply because they are curious, not because the want information about a product. [Un]fortunately, curiosity is also a primary motivator for phishing campaigns used by scammers. In a recent study CMU researchers performed a QRishing (QR code phishing) experiment placing various types of QR codes around Pittsburgh. Besides finding that curiosity was the chief reason people scanned, it was also obvious that men are much more likely to fall victim to this scam.
In the real world, this attack would likely have been far more effective since these researchers were handcuffed by ethical research rules. Attackers could place QRcodes over existing ones or deface public property like parking meters. Heck, who wouldn't scan a QR code stick that had been placed on the neighborhood cat?
With the incredibly long and spurious patch cycle for today's Android devices, scanning a QR code could result in a bad guy having complete control of your mobile phone. Be wary next time you see one of these codes, certainly use a reader app that at least shows you the URL before launching your, probably old, browser!