This is silly. Most likely because of their mistakes people accidentally send private keys from their wallet. Moreover, we are small people who have nothing to steal. And even more so to guess the key of 64 characters is almost impossible.
It's not silly, and you're not even close to how people steal files and password information. The likely guess is that the email may contain a link to a website that has an exploit kit on it, delivering an encrypted botnet payload designed to steal wallet files and keylog the passwords.
Also the airdrops wallets they tell you to download may just have an encrypted botnet bind on the file as well that executes hidden when the other file executes.