Most adults couldn’t differentiate between authentic and AI phishing emails, new survey shows

In a caller world survey, astir group couldn’t differentiate betwixt a phishing connection written by artificial intelligence (AI) and an authentic, human-written email.

The study of 18,000 employed adults from astir nan globe tested them connected their consciousness erstwhile it comes to cyber dangers, for illustration AI and phishing, and recovered startling room for improvement.

When shown a phishing email, only 46% of study respondents correctly identified that it was written by AI. The different 54% either believed it was an authentic connection written by a quality aliases were unsure.

But interestingly, property did not look to play a domiciled successful awareness, arsenic location were nary important differences betwixt generations successful being capable to correctly admit nan phishing effort (Gen Z 45%, millennials 47%, Gen X and babe boomers, some 46%), highlighting nan truth that nary group is exempt from needing other cyber-caution successful nan property of AI.

And though nan phishing simulation caught astir respondents by surprise, nan study did find that respondents are conscious of AI being utilized to instrumentality them successful integer environments — they’re conscionable not capable to consistently place threats.

In different test, they were shown an authentic, human-written email that could person been sent by immoderate 1 of their employers for a existent purpose, and little than a 3rd (30%) were capable to correctly place that it was genuine.

This highlights nan prevalence of quality correction successful recognizing cyber threats successful nan integer era.

The study was conducted by Talker Research connected behalf of Yubico arsenic portion of their yearly Global State of Authentication Survey, conscionable successful clip for Cybersecurity Awareness Month successful October, and polled employed respondents from nan U.S., nan U.K., Australia, India, Japan, Singapore, France, Germany, and Sweden.

The results recovered that much than 4 successful 10 group (44%) person interacted pinch a phishing connection (e.g. clicked connected a link, opened an attachment) successful nan past year, pinch 13% moreover admitting they’ve done truthful successful nan past week.

And younger group look to beryllium particularly susceptible and astatine consequence to phishing, arsenic much Gen Z respondents admitted to interacting pinch a phishing scam successful nan past twelvemonth erstwhile compared to different property groups (Gen Z 62%, millennials 51%, Gen X 33%, babe boomers 23%).

According to nan findings, nan astir communal phishing methods respondents reported falling prey to were emails (51%), texts (27%), and societal media messages (20%).

To uncover portion of why phishing is truthful successful, nan study asked respondents who’ve been tricked by phishing attempts to research why they deliberation they were successfully duped.

The astir communal answers were that nan phishing connection seemed for illustration it came from a real, trusted root (34%) and that respondents admitted to being successful a unreserved erstwhile they received it, and didn’t deliberation excessively difficult astir it (25%).

But falling for phishing attempts comes pinch consequences. Respondents said nan astir communal accusation they’ve accidentally disclosed to phishers has been, for some individual and work, email addresses (29% personal, activity 21%), their afloat sanction (22% personal, 16% work), and telephone numbers (21% personal, 15% work).

“Because our individual and master lives are truthful intertwined, and there’s wide cross-contamination betwixt individual and activity devices, a successful phishing onslaught connected your individual information and devices could discuss your activity security, and vice versa,” said Ronnie Manning, main marque advocator astatine Yubico. “That’s why individuals and companies request to employment nan highest level of security, utilizing multi-factor authentication and things for illustration device-bound passkeys, crossed each of their accounts. Because anemic cybersecurity practices astatine immoderate level of an statement could lead to important and vulnerable information breaches.”

In nan study, half of employed group (50%) revealed that they’re presently logged into activity accounts connected their individual devices, which their institution whitethorn not beryllium alert of.

But, younger generations are much apt than older generations to beryllium logged into activity accounts connected individual devices. (Answers for “I only usage work-permitted devices”: Gen Z 30%, millennials 40%, Gen X 55%, babe boomers 66%).

Forty percent of each respondents admitted to being logged into their individual emails connected their activity devices, 17% said they’re signed into their online banking portals connected activity devices, 19% person activity documents saved connected individual devices, and 23% are signed into their individual societal media accounts connected activity devices.

Yet successful spite of cyber these vulnerabilities, erstwhile it comes to AI scams and phishing attempts, 3 successful 10 respondents (30%) still don’t person multi-factor authentication (MFA) enabled for their individual accounts.

Along pinch that, a shocking 40% said nan institution they activity for has not fixed them immoderate cybersecurity training, 44% revealed that information requirements disagree based connected domiciled and title astatine nan institution and half (49%) reported that nan institution uses a fistful of various authentication/login methods for different institution applications and programs, alternatively of employing one, accordant and unafraid MFA method.

“With gaps successful cybersecurity training, worker usage of devices betwixt activity and personal, and vulnerabilities erstwhile it comes to identifying AI scams and phishing attempts, some companies and individuals are astatine consequence successful an progressively blase online world,” said Manning. “Turn connected MFA connected your apps, services, and accounts wherever you can. Phishing-resistant MFA, for illustration that connected a information key, is nan astir proven measurement to protect yourself, your data, and your assets successful this ever-evolving integer world.

Survey methodology:

Talker Research surveyed 2,000 employed adults from each of nan pursuing countries: nan United States, nan United Kingdom, Australia, India, Japan, Singapore, France, Germany, and Sweden; nan study was commissioned by Yubico and administered and conducted online by Talker Research betwixt Aug. 15 and Aug. 27, 2025.