- The Yubico study finds that almost half of the respondents interacted with phishing emails in the past year
- Generation Z appears to be the most vulnerable demography to phishing attacks
- Passwords remain dominant despite low confidence in their real security force
Phishing emails have advanced to the point where many people can no longer differentiate between real and fraudulent messages, said new research.
A Yubico survey revealed that almost half (44%) of respondents interacted with at least one phishing message in the past year, thanks to actions such as the click of a link or the opening of an attachment.
More than half of the participants assumed that a phishing message was authentic or admitted that they were not sure, showing how the attackers are now counting on deception rather than on technical defects.
Most exposed younger users
Generation Z has proven to be the most sensitive, with 62% with phishing scams in the past year, a figure much higher than other age groups.
Interestingly, when it comes to recognizing phishing attempts, the differences between generations were negligible.
This suggests that although the youngest interact more frequently with suspicious content, the overall challenge for the identification of phishing remains universal between age groups.
Unfortunately, the safety practices of individuals and organizations raise serious concerns.
“Our investigation revealed a disconnection. Individuals are complacent about securing their own online accounts, and organizations seem slowly adopting best security practices, “said Ronnie Manning, brand chief lawyer Yubico.
Despite the general recognition that user names and passwords are not safe, they remain the most common authentication method for personal and work accounts.
Less than half of the companies have implemented multi-factor authentication in all applications, and 40% of employees said they received any cybersecurity training.
Even for personal messaging accounts, which often serve as bridges to critical services such as banking operations and mobile operators, almost a third of users still lack multi-factor authentication.
However, there are pockets of progress, especially in France, where the adoption of multi-factory authentication for personal accounts increased from 29% in 2024 to 71% in 2025.
This marks a clear shift in attitudes towards more secure connection methods.
At the same time, concerns about artificial intelligence increases quickly in countries like Japan and Sweden, where apprehension has more than doubled in a year.
Confidence in advanced authentication methods also begins to develop, in particular in the use of hardware options such as safety keys and Pass keys.
The United Kingdom and the United States have reported a marked increase in the number of people considering these tools as the safest available.
While phishing attempts evolve at an alarming rate, the progressive adoption of phishing resistant authentication suggests a potential path to follow.
“Individuals and organizations have the power to protect themselves by adopting these phishing resistant solutions today. The modern MFA is clearly no longer “pleasant to have” and quickly became essential, “added Manning.
For the moment, the gap between consciousness and protection remains wide, leaving individuals and organizations exposed to increasingly convincing attacks.
