This type of action is more of an attack on the mind of the user, rather than on the device, to gain access to systems and information.
What to do:
- Avoid phishing scams and emails. Pay attention to unsolicited emails with attachments.
- Avoid baiting (don’t plug and open unknown USB drives).
- Don’t reveal personal information on social media. If is sounds to good to be true, don’t trust it.