Recent global surveys have revealed that many individuals struggle to tell the difference between phishing messages generated by artificial intelligence (AI) and those crafted by actual people.
A study involving 18,000 adults worldwide assessed their understanding of cyber threats like phishing and AI, highlighting a considerable gap in awareness.
In fact, only 46% of respondents managed to correctly identify AI-generated phishing emails, while 54% expressed uncertainty, thinking they might be legitimate messages from humans.
Interestingly, there wasn’t a significant generational difference in the ability to recognize these phishing attempts. For example, Gen Z scored 45%, Millennials 47%, and both Gen X and Baby Boomers were at 46%. This suggests that age isn’t a determining factor in spotting these threats, indicating a wider issue across demographics.
Though many found the phishing simulations surprising, respondents generally understood that AI is employed to deceive them online, yet they struggled to consistently identify actual threats.
In another test, an email supposedly written by a real person—one that an employer might send—had less than a third of participants (30%) correctly recognizing it as genuine.
This situation points to a significant human error in spotting cyber threats today.
The study, undertaken by Talker Research for Ubico, formed part of an annual global certification survey ahead of October’s Cybersecurity Awareness Month. It included participants from various countries, including the US, UK, Australia, India, Japan, Singapore, France, Germany, and Sweden.
Results indicated that over 40% (44%) of respondents had interacted with phishing messages in the past year, including 13% admitting to doing so just last week.
Younger individuals appear to be particularly vulnerable; more Gen Z respondents (62%) reported falling victim to phishing scams than their older counterparts (Millennials at 51%, Gen X at 33%, Baby Boomers at 23%).
Common phishing methods identified included emails (51%), texts (27%), and social media messages (20%).
To better understand why phishing was so effective, the survey probed into the thoughts of those who had been fooled. The most frequent reason cited was that phishing messages seemed to originate from trustworthy sources (34%). Additionally, 25% admitted they acted quickly or without much thought when encountering them.
However, falling for phishing attempts has real consequences. Respondents noted they often shared important information with phishers, revealing personal details like email addresses (29%) and full names (22%), as well as work-related information.
“Personal and work lives are closely intertwined today, creating a risk of cross-contamination between personal devices and work tools. Successful phishing can jeopardize job security. Therefore, both individuals and organizations should ensure robust security measures, like using multifactor authentication and secure passkeys,” one expert emphasized.
The survey findings show that half of the employed participants are logged into work accounts on personal devices, often without their company’s knowledge.
Notably, younger generations are more prone to access work accounts through personal devices compared to older groups. Responses indicated that Gen Z, Millennials, Gen X, and Baby Boomers access their work accounts on personal devices at rates of 30%, 40%, 55%, and 66%, respectively.
Moreover, 40% admitted to checking their personal emails on work devices, while 17% accessed online banking and 23% connected to personal social media accounts through their work devices.
Despite these vulnerabilities, nearly 30% of respondents hadn’t set up multifactor authentication (MFA) on their personal accounts to combat phishing attempts. Alarmingly, 40% reported that their employers don’t provide cybersecurity training, with half indicating that security measures vary based on job titles.
One expert pointed out the multi-faceted vulnerabilities present in organizations today, stressing the importance of activating multifactor authentication where possible as a key measure against phishing attacks.
Research method:
The survey was conducted by Talker Research and involved 2,000 employed adults from various countries. It was managed online from August 15 to August 27, 2025, and commissioned by Yubico.
