
Why do ADFS-based phishing attacks evade normal URL filtering?

They evade normal filtering because the first link the user clicks can be entirely legitimate: it points at a real ADFS host, so domain reputation, certificate and category checks all pass. The malicious hop happens later in the authentication flow, where a parameter that steers the post-sign-in redirect (the WS-Federation wreply value or the SAML RelayState value, for example) sends the browser on to an attacker-controlled page. URL tools typically evaluate the first destination or a simplified link reputation, but ADFS abuse turns the redirect itself into the attack path. The control failure is therefore in flow visibility, not only in domain blocking.

Why This Matters for Security Teams

ADFS-based phishing is not just a link-filtering problem. It exploits the authentication sequence itself, so the first URL can be benign while the malicious outcome is delivered through redirects, token prompts or proxy-trusted identity flows. Reputation-based filtering is therefore incomplete unless the security stack can inspect the full browser path and the authentication context in which each hop occurs.

This matters because identity providers are trusted by design: a legitimate ADFS surface inherits allowlist entries, certificate trust and user familiarity, so an attacker who can route traffic through it bypasses controls that focus on domain blocking alone. NHI Management Group's Ultimate Guide to NHIs shows how often identity weaknesses become operational incidents, and the same pattern appears here: the control gap is visibility into the flow, not just the destination. CISA cyber threat advisories consistently treat identity abuse and redirect chaining as high-value attacker tradecraft. In practice, many security teams encounter ADFS abuse only after a user has already authenticated, rather than through deliberate detection of the redirect chain.

How It Works in Practice

ADFS phishing commonly starts with a link that resolves to a legitimate-looking identity touchpoint, then uses chained redirects, login prompts or injected parameters to move the victim to an attacker-controlled endpoint. URL filtering tools often evaluate the initial domain, a short-lived redirect or a categorised destination without modelling the full sequence of hops. That is why a "safe" first click can still end in credential capture or session interception.

The practical defence is to shift from static URL reputation to flow-aware inspection: correlate the requesting domain, the redirect behaviour and the authentication context, then apply policy at the session level rather than only at click time. Current guidance pairs email and web filtering with identity telemetry, conditional access and browser isolation for high-risk authentication flows. This aligns with the 52 NHI Breaches Analysis, which shows how identity compromise often spreads through trusted systems before detection.

  • Inspect the full redirect chain, not only the first URL reputation score.
  • Log ADFS sign-in attempts with source IP, user agent, and relay-state anomalies.
  • Block or challenge authentication from newly observed or mismatched contexts.
  • Treat claims-based sign-in pages as high-risk when they appear outside expected enterprise patterns.
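The following is an added example, not code from the original article or from NHI Management Group, showing what "inspect the full redirect chain" looks like in practice. It replays a redirect chain already captured by a web proxy and flags the two things a first-hop reputation check misses: hops that leave the set of domains a sign-in is expected to touch, and redirect-steering parameters (WS-Federation wreply/wctx, SAML RelayState, and common application return-URL names) whose value is an absolute URL pointing outside that set. The hostnames, the trusted set, the parameter list and the sample chain are assumptions constructed for illustration.

```python
"""Flow-aware inspection of a captured ADFS sign-in redirect chain (added example)."""
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters that decide where the browser goes after sign-in (assumed list;
# wreply/wctx are WS-Federation, RelayState is SAML, the rest are app-level).
REDIRECT_PARAMS = ("wreply", "wctx", "RelayState", "redirect_uri", "ReturnUrl")


@dataclass(frozen=True)
class Hop:
    url: str        # URL the browser requested
    status: int     # HTTP status returned
    location: str   # Location header, empty if the response was not a redirect


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host: str, trusted: set[str]) -> bool:
    # Exact match or a subdomain of a trusted zone; never a substring match,
    # so login.contoso.com.evil.test does not pass.
    return any(host == t or host.endswith("." + t) for t in trusted)


def foreign_redirect_params(url: str, trusted: set[str]) -> list[tuple[str, str]]:
    """(param, target host) pairs whose value is an absolute URL to an untrusted host."""
    found = []
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        for raw in qs.get(name, []):
            value = unquote(raw)  # relay-state values are frequently double-encoded
            target = host_of(value)
            if target and not is_trusted(target, trusted):
                found.append((name, target))
    return found


def first_hop_verdict(chain: list[Hop], trusted: set[str]) -> str:
    """What a reputation-only filter sees: the domain of the first click."""
    return "allow" if chain and is_trusted(host_of(chain[0].url), trusted) else "block"


def analyze_chain(chain: list[Hop], trusted: set[str]) -> dict:
    """Walk every hop; block if any hop leaves the trusted set or steers the
    post-sign-in redirect outside it."""
    findings = []
    for i, hop in enumerate(chain):
        h = host_of(hop.url)
        if not is_trusted(h, trusted):
            findings.append(f"hop {i}: request to untrusted host {h}")
        for name, target in foreign_redirect_params(hop.url, trusted):
            findings.append(f"hop {i}: {name} steers post-sign-in redirect to {target}")
        if hop.status in (301, 302, 303, 307, 308) and hop.location:
            dest = host_of(hop.location)
            if dest and not is_trusted(dest, trusted):
                findings.append(f"hop {i}: {h} redirects to untrusted host {dest}")
    return {"verdict": "block" if findings else "allow", "findings": findings}


# Constructed sample chain in proxy-log form (not real traffic): the first hop is
# the organisation's real ADFS host, so the first-hop check says "allow", but the
# wreply parameter and the 302 both point at an attacker look-alike host.
TRUSTED = {"sts.contoso.com", "login.microsoftonline.com"}
PHISH_CHAIN = [
    Hop("https://sts.contoso.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline"
        "&wreply=https%3A%2F%2Flogin-contoso-verify.test%2Fsso", 302,
        "https://login-contoso-verify.test/sso?session=abc"),
    Hop("https://login-contoso-verify.test/sso?session=abc", 200, ""),
]
BENIGN_CHAIN = [
    Hop("https://sts.contoso.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline"
        "&wreply=https%3A%2F%2Flogin.microsoftonline.com%2Flogin.srf", 302,
        "https://login.microsoftonline.com/login.srf"),
    Hop("https://login.microsoftonline.com/login.srf", 200, ""),
]

if __name__ == "__main__":
    import json
    print("first-hop only:", first_hop_verdict(PHISH_CHAIN, TRUSTED))
    print(json.dumps(analyze_chain(PHISH_CHAIN, TRUSTED), indent=2))
```

The contrast between first_hop_verdict and analyze_chain is the whole point: the same chain is "allow" to a filter that scores only the clicked domain and "block" once the steering parameter and the Location header are read in context. In a real deployment the Hop records would come from the proxy or browser-isolation layer rather than a literal.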

Anthropic's report on the first AI-orchestrated cyber espionage campaign is a useful reminder that automated abuse scales quickly once a trust path is found. These controls tend to break down when ADFS is exposed to unmanaged devices or sits behind legacy reverse proxies, because the authentication flow and the redirect chain are then fragmented across components that no single filter sees end to end.

Common Variations and Edge Cases

Tighter redirect inspection increases user friction, so organisations have to balance phishing resistance against login latency and false positives. That trade-off is most visible in federated environments, where SSO, conditional access and third-party SaaS all depend on the same trust chain.

There is no universal standard for this yet, but current best practice is to treat ADFS abuse as an identity assurance problem rather than a URL reputation problem. Some environments rely on email security gateways alone; others add DNS filtering, endpoint isolation or token-bound authentication checks. The strongest programmes combine those layers with continuous monitoring of federation events and anomalous relay-state values. NHI Management Group's Ultimate Guide to NHIs (Why NHI Security Matters Now) highlights how identity trust assumptions are frequently the real attack surface even when the visible URL looks harmless, and the OWASP NHI Top 10 is a useful comparison point for how trust chaining and control bypass emerge across identity-dependent systems.

Edge cases include mobile clients, embedded webviews and partner federations, where redirect chains are harder to inspect and legitimate variance is high. These environments need tighter allowlisting and stronger authentication telemetry, because ordinary URL filters lose context when the browser, identity provider and target application behave as separate trust domains.
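The following is an added example, not code from the original article or from NHI Management Group. It implements the two recommendations above that concern the sign-in itself rather than the redirect chain: log sign-ins with source IP, user agent and relay-state target, then block or challenge authentication from newly observed or mismatched contexts, with per-relying-party allowlisting of the relay target for partner federations. Mobile and embedded-webview user agents are collapsed into a coarse family before comparison so that routine app-version churn does not register as a new context. The record layout, the user-agent heuristics, the /24 and /64 network grouping, the hostnames and all sample data are assumptions for illustration, not an ADFS export format.

```python
"""Context-aware evaluation of ADFS sign-ins against a per-user baseline (added example)."""
import ipaddress
from collections import defaultdict


def ua_family(ua: str) -> str:
    """Collapse a user-agent string into a coarse client family (assumed heuristic)."""
    if "; wv)" in ua or "WebView" in ua:
        return "android-webview"
    if ("iPhone" in ua or "iPad" in ua) and "Safari" not in ua:
        return "ios-webview"      # iOS webviews omit the Safari token
    if "Mobile" in ua:
        return "mobile-browser"
    return "desktop-browser"


def ip_prefix(ip: str) -> str:
    """Group sources by network (/24 for IPv4, /64 for IPv6) so address churn
    inside one office or carrier block does not look like a move."""
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def build_baseline(history: list[dict]) -> dict:
    """Per-user sets of networks, client families and relying parties from successful sign-ins."""
    base = defaultdict(lambda: {"prefixes": set(), "families": set(), "rps": set()})
    for ev in history:
        if ev["result"] != "success":
            continue
        b = base[ev["user"]]
        b["prefixes"].add(ip_prefix(ev["src_ip"]))
        b["families"].add(ua_family(ev["user_agent"]))
        b["rps"].add(ev["relying_party"])
    return base


def evaluate(ev: dict, baseline: dict, relay_allowlist: dict[str, set[str]]) -> dict:
    """Return {'action': allow|challenge|block, 'reasons': [...]} for one sign-in."""
    rp = ev["relying_party"]
    allowed = relay_allowlist.get(rp)
    if allowed is None:
        return {"action": "block", "reasons": [f"unknown relying party {rp}"]}
    if ev["relay_target"] not in allowed:
        return {"action": "block",
                "reasons": [f"relay target {ev['relay_target']} not allowlisted for {rp}"]}
    reasons = []
    b = baseline.get(ev["user"])
    if b is None:
        reasons.append("no baseline for user")
    else:
        net = ip_prefix(ev["src_ip"])
        fam = ua_family(ev["user_agent"])
        if net not in b["prefixes"]:
            reasons.append(f"new source network {net}")
        if fam not in b["families"]:
            reasons.append(f"new client family {fam}")
        if rp not in b["rps"]:
            reasons.append(f"first sign-in to {rp}")
    return {"action": "challenge" if reasons else "allow", "reasons": reasons}


# Constructed sample telemetry (not real data).
IOS_APP = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
IOS_APP_NEWER = "Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22B83"
WIN_EDGE = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36 Edg/124.0"
LINUX_FF = "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
MSOL, PARTNER = "urn:federation:MicrosoftOnline", "urn:partner:sso"

HISTORY = [
    {"user": "alice", "src_ip": "203.0.113.10", "user_agent": WIN_EDGE, "relying_party": MSOL, "result": "success"},
    {"user": "alice", "src_ip": "198.51.100.7", "user_agent": IOS_APP, "relying_party": MSOL, "result": "success"},
    {"user": "bob", "src_ip": "203.0.113.22", "user_agent": WIN_EDGE, "relying_party": PARTNER, "result": "success"},
]
RELAY_ALLOWLIST = {MSOL: {"login.microsoftonline.com"}, PARTNER: {"sso.partner.example"}}
NEW_EVENTS = [
    # same office network and browser family -> allow
    {"user": "alice", "src_ip": "203.0.113.55", "user_agent": WIN_EDGE, "relying_party": MSOL, "relay_target": "login.microsoftonline.com"},
    # newer mobile app build in the same carrier block: webview variance, still allow
    {"user": "alice", "src_ip": "198.51.100.40", "user_agent": IOS_APP_NEWER, "relying_party": MSOL, "relay_target": "login.microsoftonline.com"},
    # never-seen network -> challenge (step-up via conditional access)
    {"user": "alice", "src_ip": "192.0.2.9", "user_agent": LINUX_FF, "relying_party": MSOL, "relay_target": "login.microsoftonline.com"},
    # partner federation whose relay target is a look-alike host -> block
    {"user": "bob", "src_ip": "203.0.113.22", "user_agent": WIN_EDGE, "relying_party": PARTNER, "relay_target": "sso.partner-look-alike.test"},
]


def run(events=NEW_EVENTS, history=HISTORY, allowlist=RELAY_ALLOWLIST) -> list[str]:
    baseline = build_baseline(history)
    return [evaluate(ev, baseline, allowlist)["action"] for ev in events]


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in NEW_EVENTS:
        print(ev["user"], evaluate(ev, baseline, RELAY_ALLOWLIST))
```

The ordering inside evaluate is deliberate: the relay-target allowlist is checked first and is a hard block, because a wrong relay target is the attack itself, while a new network or client family only raises the assurance bar. The webview case shows why the user agent must be normalised before it is compared; matching the raw string would challenge every app update on mobile.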

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 and the OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                          Control / Reference   Relevance
---------------------------------  --------------------  ------------------------------------------------------------------------
OWASP Non-Human Identity Top 10    NHI-04                Covers trust chaining and identity abuse across federated flows.
OWASP Agentic AI Top 10            A-04                  Highlights prompt and tool-flow abuse through trusted execution paths.
NIST AI RMF                        GOVERN                Supports governance for identity-aware risk management in dynamic flows.

Define ownership and monitoring for authentication flows as a governed, AI-adjacent risk.