That's a feature, not a bug. If the user can't load the redirection, they can't get phished! Problem solved.

If anyone complains, refer them to the security department to be audited. It's really rather suspicious when someone values doing their job above security.