CamPhish Scam: How Attackers Steal Your Camera Photos

April 28, 2026

CamPhish Scam: How Attackers Steal Your Camera Photos

A growing social engineering attack uses fake websites to secretly capture photos from your phone or computer camera. The tool “CamPhish” makes this disturbingly easy for attackers.

How CamPhish Attacks Work

The Attack Flow

1. Lure Website: Attacker creates a fake page (fake YouTube Live, Online Meeting, Festival Wishes)
2. Phishing Link: Uses tunneling services (ngrok, Cloudflare) to host the page publicly
3. Target Sends Link: Victim receives link via message, email, or social media
4. Camera Permission Request: Page asks “Allow camera access to join video call”
5. Photo Captured: If victim clicks Allow → attacker gets webcam screenshot + GPS location

Common Lures Used

🎥 “YouTube Live” - “Click to watch exclusive video”
📹 “Online Meeting” - “Your video call is waiting”
🎉 “Festival Wishes” - “Send your friend a birthday surprise”
💼 “Job Interview” - “Join your scheduled interview”