- Yubico’s study finds that almost half of respondents interacted with phishing emails in last year
- The Z generation emerges as the most vulnerable demographic group for Phishing attacks
- Passwords are still dominant despite the low confidence in their real security force
Phishing’s emails have advanced to the point that many people can no longer notice the difference between real and fraudulent messages, as affirmed by new research.
A Yubico survey found that almost half (44%) of respondents interacted with at least a Phishing message in the last year, through actions such as clicking on a link or opening an attached file.
More than half of the participants assumed that a Phishing message was authentic or admitted that they were not sure, showing how much attackers they now trust the deception instead of the technical defects.
The most exposed younger users
It was discovered that generation Z was the most susceptible, with a 62% participation in phishing scams in the last year, a much higher figure than other age groups.
Interestingly, when it came to recognizing phishing attempts, the differences between generations were insignificant.
This suggests that although younger users interact more frequently with suspicious content, the general challenge of identifying phishing is still universal in all age groups.
Unfortunately, people’s security practices and organizations are raising serious concerns.
“Our survey revealed a disconnection. People are complacent about ensuring their own online accounts, and organizations seem slow to adopt best security practices,” said Ronnie Manning, defender of the Chief brand of Yubico.
Despite the generalized recognition that user names and passwords are insecure, they are still the most common authentication method for personal and labor accounts.
Less than half of the companies have implemented multifactor authentication in all applications, and 40% of employees reported that they did not receive cybersecurity training.
Even for personal email accounts, which often serve as a bond doors to critical services such as banking and mobile operators, almost a third of users still lack multifactor authentication.
However, there are foci of progress, especially in France, where multifactor authentication adoption for personal accounts increased from 29% by 2024 to 71% in 2025.
This marks an acute change in attitudes towards safer login methods.
At the same time, concern for artificial intelligence is rapidly increasing in countries such as Japan and Sweden, where apprehension has more than duplicated in a year.
Trust in advanced authentication methods is also beginning to grow, particularly in the use of hardware -based options, such as security keys and will see.
Both the United Kingdom and the United States reported a marked increase in the number of people who see these tools as the safest available.
While Phishing attempts are evolving at an alarming pace, the gradual adoption of phishing resistant authentication suggests a potential path to follow.
“Both people and organizations have the power to protect themselves by adopting these phishing resistant solutions today. Clearly, modern MFA is no longer” pleasant to have “and has become quickly essential,” Manning added.
For now, the gap between consciousness and protection remains broad, leaving people and organizations exposed to increasingly convincing attacks.
