Only 46% can spot AI-generated phishing emails, according to survey

A global survey of 18,000 employed adults found that only 46% could correctly identify AI-generated phishing emails, while 54% either believed they were authentic human-written messages or were unsure. The findings reveal a critical vulnerability in cybersecurity awareness as artificial intelligence makes phishing attacks increasingly sophisticated and harder to detect across all age groups.

What you should know: The inability to distinguish AI-generated threats spans all generations, with no significant differences in detection rates between age groups.
• Gen Z correctly identified AI phishing attempts 45% of the time, millennials 47%, and both Gen X and baby boomers 46%.
• When shown genuine human-written emails, less than a third (30%) could correctly identify them as authentic, highlighting widespread confusion about digital communication authenticity.
• The survey was conducted by Talker Research on behalf of Yubico, a cybersecurity company, across nine countries including the U.S., U.K., Australia, India, Japan, Singapore, France, Germany, and Sweden.

The big picture: Phishing attacks are becoming more frequent and successful, with younger generations showing higher vulnerability rates.
• More than four in 10 people (44%) have interacted with phishing messages in the last year, with 13% admitting to doing so within the past week.
• Gen Z respondents were most susceptible, with 62% falling for phishing scams in the past year, compared to 51% of millennials, 33% of Gen X, and 23% of baby boomers.
• The most common phishing methods were emails (51%), texts (27%), and social media messages (20%).

Why people fall for scams: Survey respondents who were successfully phished identified key factors that led to their deception.
• The most common reason was that phishing messages seemed to come from real, trusted sources (34%).
• A quarter of respondents (25%) admitted they were rushing when they received the message and didn’t think carefully about it.
• Common information accidentally disclosed included email addresses (29% personal, 21% work), full names (22% personal, 16% work), and phone numbers (21% personal, 15% work).

Security vulnerabilities in the workplace: The survey revealed concerning gaps in cybersecurity practices across personal and professional device usage.
• Half of employed people (50%) are currently logged into work accounts on personal devices, potentially without their company’s knowledge.
• Younger generations are more likely to mix personal and work device usage, with only 30% of Gen Z using exclusively work-permitted devices compared to 66% of baby boomers.
• Forty percent admitted to accessing personal emails on work devices, while 17% access online banking and 23% use personal social media on company equipment.

What they’re saying: Cybersecurity experts emphasize the interconnected risks of personal and professional digital security.
• “Because our personal and professional lives are so intertwined, and there’s widespread cross-contamination between personal and work devices, a successful phishing attack on your personal data and devices could compromise your work security, and vice versa,” said Ronnie Manning, chief brand advocate at Yubico.
• Manning recommends that “individuals and companies need to employ the highest level of security, using multi-factor authentication and things like device-bound passkeys, across all of their accounts.”

Security gaps remain widespread: Despite growing cyber threats, many individuals and organizations lack adequate protection measures.
• Thirty percent of respondents don’t have multi-factor authentication enabled for personal accounts.
• A shocking 40% said their employers haven’t provided cybersecurity training.
• Nearly half (49%) reported their companies use multiple authentication methods for different applications instead of one consistent, secure system.