In some implementations, an authentication device may receive information related to website browsing activity at a client device. The information related to the website browsing activity may include information associated with a web address for a current website where information associated with a virtual credential was entered. The authentication device may identify one or more valid web addresses associated with the virtual credential, which may be valid only for an entity associated with the one or more valid web addresses. The authentication device may transmit, to the client device, information to indicate whether the website browsing activity is authenticated based on a comparison of the web address for the current website where the information associated with the virtual credential was entered and the one or more valid web addresses associated with the virtual credential.