I am very confused because mew does not include an email address when making a wallet. but why hackers send emails to users. crypto users should be smarter to avoid cases like this.
Most likely they got tons of mails from previous crypto-related database-leaks and just send their phishing-mail to all addresses (using insecure mailservers etc.).
By the way:
https://haveibeenpwned.com/https://haveibeenpwned.com/PasswordsEasy way to find out if your password/email-address is contained in the most "common" leaks.