The story
One day at work, I received an email that appeared to originate from the same email address that received it. In that email, a man claimed that he had gained access to my email address, and through that, my device. He backed up this claim by telling me my own email password. He threatened to release alleged compromising information on me (browser history, webcam footage, etc.) to everyone in my contacts if I did not pay him roughly $800 worth of Bitcoin. He said I had 48 hours to comply, starting at the moment I opened the email.
Receiving that email terrified me to the core. However, there were a few things off about the email. First, the password given was an old password, not my current password. Second, though he claimed to be sending me an email through my email account, he did not have the same user photo.
Luckily, it was a student email address, and I was able to contact the university IT help desk. Essentially, we determined that the password was likely on a deep web somewhere, and this attempted extortionist simply mirrored his email to appear as if it was mine. I think we saw that his IP address was from Bangladesh or India or something like that.
I was not the only person who received an email like this. A few Google searches showed me that others were experiencing this same thing.
I reported the email as spam, moved on with my day, and his threats expired two days later with no action on his front. I received 3 more emails like this, worded slightly differently, over the next couple weeks.