hacked my web iPad camera

Here is how to Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

And how to Identify legitimate emails from the App Store or iTunes Store - Apple Support

You will want to enable Two-factor authentication for Apple ID - Apple Support as that makes losing control of your Apple ID more difficult.

I routinely get mail with threats and with copies of my old passwords. Which are scams. The folks have used breaches of web searches to find old passwords and email addresses, and they’re now trying those credentials in other services, and they’re trying to get me to pay directly because they have an old password. There are many variations of these scams. (ps: don’t re-use passwords.)

Still a scam. Delete the email, and move on with your day. Never, never, never interact with the sender of those messages.

You won’t need anti-malware.

iPad blocks the cross-system access that is required for anti-malware, as the anti-malware is here indistinguishable from the activities of malware. Some well-known anti-malware has been collecting and selling your browsing history and purchasing history, too. The malware here has to get through these blocks, plus the Apple app reviews, so there’s very little around.

Put differently, keep patched to current, and you’ll do fine. Don’t install add-on VPN clients or such (save those specifically required to access an affiliated organization’s internal network), and you’ll very likely do just fine—where folks are getting in trouble is not with iPadOS security, but with getting phished.

To be clear, there is some malware for iPadOS and iOS. It’s rare, expensive, and typically reserved for use against folks of high interest to very well-funded attackers. It’s not the same sort of malware dreck that plagues Windows users.

Oh, and scammers will lie.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

No, all such messages are scams. Simply delete the email, and do not interact with the scammers.

So there is no anti-malware we need to find at the App Store to scan our iPads with? The scammer states they placed keylogger/datalogger malware by way of the site we were on, but am I correct that iPads are not susceptible to that, as well as the camera-hacking notion? The script/font in the email looked Russian. The password they quoted I've used for many inconsequential sites over decades, so I'll change that, but I suppose I can look forward to more of these emails over time unless I also change my email address, a much more time-consuming endeavor?

Thanks for the info. As it happens, I use in an old Vista laptop the anti-malware product mentioned in your linked article. At least the worst of that got shut down, thanks to the article and our astute Senator; but not before I'd used that machine the few infrequent times I did since Vista went unsupported.

The Apple report-phishing server sometimes requires the mail to be compressed or attached or wrapped, or it gets rejected.

Silly, yes, but it happens.

I’d hope that Apple is building in support for detecting phishing and for reporting phishing into the Apple tools (mail, calendar, etc), but that’s all fodder for other discussions.

Catalina and the upcoming release (with the kext-related changes) both have substantial security upgrades, as do the new Mac systems with the T2 security hardware and the equivalent hardware on the iPad and iPhone, so the folks at Apple have been and are continuing to work on security upgrades.

The most prevalent mess arising for most folks is phishing, and unfortunately that’s getting better and better targeted.

Understood. This is exactly how these scammers work. They have purchased thousands, perhaps millions of user names and passwords that were obtained from hacked web sites. They are now trying to make money of victims that are scared by their bogus emails. Don’t be one of those victims.

I also note that when I tried to forward the email to spoof and spam investigative entities, including reportphishing and reportphishing@apple.com, their servers all refused to accept it.