Welp, like you say, using HTTPS would have potentially kept this from happening, but if you’d ever accessed your email from an Internet Cafe during your (impressive!) travels, there could have been a keylogger installed between keyboard and PC, so HTTPS would not have protected you.

Personally, I have one of those slide-window stick on covers over my laptop camera. I open it if I’m doing some kind of video call, but it’s normally closed.

For both phone and laptop, I use OpenVPN to get connected to my home base, connections are referred through there to, well, wherever. The nice thing about OpenVPN is that it adds very little overhead, and reconnects as I move from one IP address to another (cell tower handoffs, different wifi access points, etc.).

These days, both gmail and outlook (and many others) allow 2FA to protect your email account. I’m very big on Yubikey, as there’s a NFC version (press it to the back of your mobile device to show you have it).

All that said, unless you’re foolish enough to use the same username/password to login to your PC and for your email, it’s unlikely that this ‘hacker’ has installed anything on your PC — ever. This is a con. I saw this happen to a coworker. Login User IDs and Passwords got exposed on a site (doesn’t matter which one). He was using the same ones in a number of places, including that site and his email. He started getting emails demanding payment or else some private information would be exposed to all his contacts. It was a scam. All the ‘hacker’ had was an old username/password that my coworker was no longer using. Sound familiar?