Using the Google forms test/survey - the field on the form that you have to give your email, and receive the proper answer for the questions from the survey.
Using the Facebook you can get the information that your account has been blocked and if you want to unblock, you have to go to the service and fill the form. When you click on the link, you can see that the link direct you to the real Facebook site with https address but it’s not a documentation of the Facebook but the private Facebook fanpage and then you can find another link to the form that you have to fill to unblock the account when you click on link it directs to the malware
Another common tactic involves fake PayPal invoices. These invoices may appear legitimate but contain warnings that they might be fake. If you don't recognize the payment, you're advised to call a provided phone number. However, calling this number could lead to charges - it representing a reverse method of attack where the victim initiates contact.
These examples illustrate attacks that exploit trusted services like Dropbox or iCloud. In one case, a hacker stole data from a company named Meridian Link. When they didn't receive a ransom, they accused a second institution of losing the data and failing to notify authorities within 72 hours.
Be aware that your personal identification number (PESEL in Poland) can also be targeted in such scams. Always exercise caution and verify the authenticity of requests involving personal or sensitive information."