@Anomnomnomaly i agree that you should never scan qr codes, but i'd like to point out that if a company needs to update the url in one they'll often just put a sticker over the old one, because they don't care at all that it looks exactly like a scam. it's the same as when banks use weird 3rd party domain names for different parts of their website or emails, there's just no incentive for them to care since there's no regulations forbidding them from doing so. they're just going to continue training people to click on suspicious links (or scan qr codes) even though they look exactly like the sort of things that all the security trainings cry foul about

also if anyone uses zxing barcode scanner make sure to go into settings and uncheck "retrieve more info" so it doesn't ping the remote server when you scan a qr code