Clicked email phishing link that sent emails out

See >>> Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

There are no true AntiVirus scanning products for iOS/iPadOS. Due to the sandboxed security architecture, an AV process is unable to scan the filesystem.

Providing that you have not attempted to jailbreak your device - or have bypassed protections by side-loading third-Apps (if you don’t know what this is, then don’t worry about it), then it is highly unlikely that your device will have been infected malware. Short of erasing the iPad in its entirety, there is very little that you can do retrospectively - other than to make independent contact with those to whom you believe the malicious email may have been forwarded.

However, there is one potential source of immediate issues with your iPad that you may need to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that create unexpected alerts or warn of malware infection.

Calendar Infection

Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings. 

If you see this issue, you’ll need to check for what’s out of place...

iOS/iPadOS13 and earlier: Settings > Passwords and Accounts

iOS/iPadOS14: Settings > Calendar > Accounts

Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.

As with all computer systems, there are vulnerabilities and exploits to which you are potentially vulnerable...

Providing that your iPad or iPhone has been kept up-to-date with system software updates, you should not be overly concerned for your iPad being directly compromised by malware. For older devices, no longer benefiting from regular security updates, the risk of an unpatched vulnerability being exploited increases. Regardless of the installed version of iOS/iPadOS, there are useful mitigations that can be used to significantly reduce your exposure to risk.

If you have given your personal details to a malicious website, this may be the cause of attempted fraud. If necessary, change account passwords (including your AppleID Password) if you suspect that they may have been compromised. If you have cause to believe that your AppleID has been compromised, follow the advice outlined here:

If you think your Apple ID has been compromised - Apple Support

If you have exposed your Credit Card details, you may wish to contact the Card Issuer - who may cancel and reissue your Card as a precaution.

Continued...

Threat Mitigation

Other than malicious websites that will attempt to capture information that you willingly enter, the majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email or other messaging platforms. Browser-based attacks can be largely and successfully mitigated by installing a good Content and Ad-blocking product. One of the most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024

1Blocker is highly configurable - and crucially does not rely upon an external proxy-service (of dubious provenance) as utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead 1Blocker creates a customised rule-set that is processed "on device" by the OS; contrary to expectations, Safari will run faster and more efficiently.

Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. The 1Blocker product has also introduced an optional “Firewall” function - that is explicitly designed to block trackers. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker have introduced additional network extensions, extending protection to other Apps.

DNS

A further step to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in device Settings, or may be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. Of available specialist DNS service providers, consider using one of the following - for which IPv4 and IPv6 server addresses are listed here:

Quad9 (recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9

OpenDNS

208.67.222.222

208.67.220.220

2620:119:35::35

2620:119:53::53

Cloudflare

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001

Security focused DNS providers intentionally "sink hole" known bad or malicious websites and resources - this providing an additional layer of protection beyond that provided by your device and its Operating System. These DNS services will, when used alongside 1Blocker or other reputable Content Blocker, provide defence in depth.

Advanced Techniques

There are advanced techniques to further “harden” iOS/iPadOS - such as using DoH, DoT and DNSSEC to access encrypted DNS services. While fully and effectively supported by iOS/iPadOS, Apple doesn’t expose this capability via device settings - but there are easy ways to access this functionality. A really easy way to set and manage DoH/DoT settings is to use a third-party utility App - DNSecure:

https://apps.apple.com/app/dnsecure/id1533413232

This App does exactly what is needed to effectively configure DoH/DoT - and is free to download and install. Many DNS providers are already preconfigured - including Quad9 and Cloudflare. Additional secure DNS providers can be added if required.

Apple has introduced its new Private Relay service to its iCloud+ subscribers - in part employing ODoH (a variant of DoH) as an element of this new functionality. If you have subscribed to iCloud+, and have a device capable of running iOS/iPadOS 15.x or later, this feature is included in your service subscription.

She sent out the email invites by clicking on it. No virus was sent to the iPad. You need to tell here never click on an email that she doesn’t know who the sender is.

Click on an email can’t send an email to your contacts.