Gen Z most likely to fall for phishing attacks

A new survey reveals that 44 percent of all participants admit to having interacted with a phishing message in the last year. Gen Z stands out as the most susceptible demographic, with 62 percent reporting engagement with a phishing scam in the past year, significantly higher than other age groups.

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across nine countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the UK and the US. It explored individuals’ cybersecurity habits in both their workplace and personal lives.

“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” says Ronnie Manning, chief brand advocate at Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44 percent of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education, and action must go hand-in-hand.”

The study shows that 70 percent of respondents believe phishing attempts have become more successful due to the use of AI, and 78 percent believe they have become more sophisticated. In fact, when shown a phishing email, 54 percent either believed it was an authentic message written by a human or were unsure.

Interestingly, age doesn’t seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45 percent, millennials 47 percent, Gen X and baby boomers, both 46 percent), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI.

It’s clear that many are not prepared to deal with attacks. Only 48 percent of respondents say their company uses MFA across all apps and services, and 40 percent report never having received cybersecurity training from their employer.

Despite low confidence in usernames and passwords (only 26 percent consider them to be the most secure), they remain the most common authentication method, used by 56 percent for work accounts and 60 percent for personal accounts.

“As cyber threats become more sophisticated, the good news is that the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” says Manning. “Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just ‘nice to have’ and has quickly become essential for staying secure in our rapidly changing digital landscape.”

You can get the full report from the Yubico site.

Image credit: thodonal/depositphotos.com