One attacker tried to download an archive containing HTML, graphics and scripts to create a Paypal phishing site. The site was designed to look like the real Paypal web site, but would have recorded usernames and passwords in a file residing on the web server. The attacker could then have retrieved this file later. For more information on phishing techniques, see Know Your Enemy: Phishing. Another attacker downloaded a similar phishing page for Orkut, Google's social networking site. In this case, the fake site would have emailed the username and password to a Gmail account controlled by the attacker.