"QR code scam" - a QR code is just a link. She essentially clicked a link and was phished (and didn't use 2FA) like most people.
Seems more like a tech-literacy issue that's still ongoing.
My last company had several execs falling for these and wasting company time and money. The average person just doesn't put in the due diligence when it comes to passwords and cybersecurity unfortunately.
Hopefully the bank can revert the transactions.