Abstract: Identification of potential fraudulent website activity is performed based on log entry analysis. A log entry representing a user referral from an external referrer is processed to determine whether the referred user performed a log in procedure at a user account website of an organization. The external referrer is, for example, a phishing website. In one example, the referred user first accesses an enterprise website of the organization via the phishing website and subsequently accesses the user account website via the phishing website. In an alternate example, the referred user only accesses the user account website via the phishing website. Upon determining the referred user performed a log in procedure at the user account website, a fraud prevention system is notified.

Abstract: Identification of potential fraudulent website activity is performed based on log entry analysis. A log entry representing a user referral from an external referrer is processed to determine whether the referred user performed a log in procedure at a user account website of an organization. The external referrer is, for example, a phishing website. In one example, the referred user first accesses an enterprise website of the organization via the phishing website and subsequently accesses the user account website via the phishing website. In an alternate example, the referred user only accesses the user account website via the phishing website. Upon determining the referred user performed a log in procedure at the user account website, a fraud prevention system is notified.