In reality, they've probably bought your password in a so-called "credentials dump" rather than hacking your computer. A credentials dump is when a major data breach takes place at an organisation such as LinkedIn or Ticketmaster (to name two real-life examples) then lists of logins are sold on the dark web.
CERT first warned about the scam in July and issued a fresh advisory this afternoon following a spike in complaints.
"We aren't able to share specific numbers of reports while a campaign is ongoing. However multiple reports are being received daily about this issue. This week we have received more than twice as many reports of webcam blackmail scams as the previous week," Ingram says.
"We know that scams like this prey on people being too embarrassed to seek help, so we assume that the reports we've received are only the tip of the iceberg."
CERT recommends you change passwords regularly and use different passwords for different services.
The agency says if you think you're the victim of a genuine blackmail threat, it should be reported as soon as possible because "digital evidence is fragile."
Law enforcement can be hard to navigate if you have a cyber complaint. CERT can report your case to police on your behalf to speed the process.
Report an incident via www.cert.govt.nz or call 0800 CERT NZ (0800 2378 69).
CERT recommends you check if your credentials are for sale by checking on this website.
CERT was created in April last year to deal with growing cyber-threats and received a $3.9m top up in this year's Budget, taking its total funding to $26.1m over its first four years of operation.