As someone who’s experienced the same thing, some of the messages I received were shockingly well written.
The fake “find my” site they tried to use to convince me to log into my iCloud account was wildly convincing, if not for the index.php at the end of the URL - something Apple would never configure for service endpoints.
They continued to try - but never threatening. However I never engaged and eventually they just stopped trying.