Bluejacking is a method used by attackers to send out unwanted Bluetooth signals from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices. Because Bluetooth requires relatively close proximity to the target device (usually within 30 feet), bluejacking must also be done within this range to be effective. Most bluejacking attacks involve sending the victim a text-based message, image, or video, and are typically just an annoyance. There is no overt "hijacking" of the user's device, just the reception of unsolicited media.
However, bluejacking can be used as a vector to carry out more insidious attacks. For example, you might be able to socially engineer a user into downloading malware or providing you with access credentials if you send a convincing message to their device over Bluetooth. The user may be more inclined to trust the message since Bluetooth is not as common as text-based or email-based phishing vectors.
Bluejacking does not require any specialized tools and can be simply performed by sending a message to nearby, discoverable devices using the attacking device's Bluetooth app. Bluejacking is ineffective when devices are in non-discoverable mode.
wikiHow