I received an email of the kind on an old account I never really use, which pretty much only receives trash now days. I checked the BTC address on bitcoinabuse.com, and it has receives 16 reports in less than 24 hours. In this case, the scammer provides a password that at some point I did use, which is not the account’s current password (nor do I believe it ever was).
Likely, the password and email are extracted from some site I registered to ages ago, the database was stolen/sold, and the scammer is using that info for his personalized emails. Many people use the same password everywhere and seldom change them, giving the impression that the email account has been compromised if the access codes are the same on multiple sites including the email account itself (which they shouldn’t).
The addy they used for me was an old sock puppet account I set up here a long time ago and hardly every used. They took a guess at the password but got it wrong I believe (but am to lazy to confirm.)
Know that bitcointalk.org has been hacked multiple times and the password/user database has been stolen (Thermos can correct me if I'm wrong about this.) Once and attacker has such a thing they can start trying to crack the passwords at a high rate of speed...and with alarming results...so use damn good passwords for important things people!
I think that after one of the earlier hacks the password database itself was locked down a little bit better than nothing, but in actual fact I've never had to work on such a project and am way out-of-date on current the current state-of-the-art and best practices these days.