hacked and threatened, but not really worried

I go through a twice- or thrice-daily routine of tossing out spam emails.  Because I've set my filter not to accept any emails that lack "Kevin" or "hairy" in the subject line, 99.99999% of unwanted emails are screened, i.e., shunted into my trash can.  (Fine, I made that percentage up, but it means "almost all.")  Now and again, I quickly skim through the spam before I delete it, partly to make sure I'm not deleting non-spam items, and partly because, truth be told, some of the spam-email subject lines are interesting or even funny.

Today, one email stopped me cold because the subject line contained an old password of mine.  I haven't used this password in well over a year, and Google Chrome has repeatedly warned me for months about how the password has indeed been "compromised."  I decided to risk clicking on this email to see what the malicious party had to say... and it turned out to be a threat of blackmail.  The sender claimed he had found my password by following my online activity and had used my old password to insert malware into my computer, and if I didn't send him over $1000 via Bitcoin within a specific period, he would release my email-contact information.  At first, I was a bit freaked out, but when I calmed down, I realized a few things:  (1) except for a couple sites that I frequent (my US bank's online-banking service, Chicago Manual of Style Online), I don't use that password for anything anymore; (2) the guy (I'm pretty sure it's a guy) never addressed me by name; (3) despite having my old password, the guy never thought to access my bank account and siphon the cash out for himself.  Instead, he's doing the blackmail thing, which is a lot more work, in my opinion.

So here's what I've done:  I've changed my password for my online-banking service; I've chased down any other instances in which my "compromised" password might be an issue (Chrome said I had four such instances, which was news to me), and I've remade the passwords using Chrome's "suggest strong password" function, then used the keychain mode so that my browser has memorized all my passwords (which, I admit, may itself be problematic).  When I go home tonight, I'll re-upload my Norton antivirus software, which got flushed out back when my laptop died and was resurrected a few months ago.  That ought to root out any potential malware, but here's the thing:  I think the guy is full of shit.  Yes, my old password got compromised long ago; it's been floating out in cyberspace for well over a year, and (except for my bank) it's linked to sites that are of no consequence to me.  But how likely is it that this genius—who didn't think to hack my bank account and doesn't seem to know my name—actually managed to install any malware on my laptop?  I'd say very unlikely.  So the last thing I did was delete his email.  If the guy makes good on his threat, I suppose I'll hear from my various email contacts.  "Yo, Kevin—porn spam with your name on it?  What gives?"

I seriously doubt I'm going to hear anything more from this joker.  If I do, though, I'll let you know, and I'll take appropriate measures.

EPILOGUE:  I just received another email with exactly the same content, but this time from someone with a different name.  Conclusion:  this is just a spam scam based on the lazy culling of compromised passwords.  Now that I've gotten two of these in one day, I can expect there to be more of these emails.  This is just a new type of spam, is all.  Yawn.