This phish typically originates from a non-Cornell account. The sender may appear as "Docs via Docus|Portal <[user]@icloud.com>". Do not reply to the sender nor scan the QR code. The QR code directs to a fake login page. If you entered your credentials in the page, change your NetID password immediately at https://netid.cornell.edu.
At Cornell we value your privacy. To view our university's privacy practices, including information use and third parties, visit University Privacy.