Is AI fooling us all? Less than a third could tell a real email from a fake

In a recent global survey, most people couldn’t differentiate between a phishing message written by artificial intelligence (AI) and an authentic, human-written email.

The survey of 18,000 employed adults from around the globe tested them on their awareness when it comes to cyber dangers, like AI and phishing, and found startling room for improvement.

When shown a phishing email, only 46% of survey respondents correctly identified that it was written by AI. The other 54% either believed it was an authentic message written by a human or were unsure.

But interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45%, millennials 47%, Gen X and baby boomers, both 46%), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI.

And although the phishing simulation caught most respondents by surprise, the study did find that respondents are conscious of AI being used to trick them in digital environments — they’re just not able to consistently identify threats.

In another test, they were shown an authentic, human-written email that could have been sent by any one of their employers for a real purpose, and less than a third (30%) were able to correctly identify that it was genuine. This highlights the prevalence of human error in recognizing cyber threats in the digital era.

The study was conducted by Talker Research on behalf of Yubico as part of their annual Global State of Authentication Survey, just in time for Cybersecurity Awareness Month in October, and polled employed respondents from the U.S., the U.K., Australia, India, Japan, Singapore, France, Germany and Sweden.

The results found that more than four in 10 people (44%) have interacted with a phishing message (e.g. clicked on a link, opened an attachment) in the last year, with 13% even admitting they’ve done so in the last week.

And younger people appear to be especially susceptible and at risk to phishing, as more Gen Z respondents admitted to interacting with a phishing scam in the last year when compared to other age groups (Gen Z 62%, millennials 51%, Gen X 33%, baby boomers 23%).

According to the findings, the most common phishing methods respondents reported falling prey to were emails (51%), texts (27%) and social media messages (20%).

To uncover part of why phishing is so successful, the survey asked respondents who’ve been tricked by phishing attempts to explore why they think they were successfully duped.

The most common answers were that the phishing message seemed like it came from a real, trusted source (34%) and that respondents admitted to being in a rush when they received it, and didn’t think too hard about it (25%).

But falling for phishing attempts comes with consequences. Respondents said the most common information they’ve accidentally disclosed to phishers has been, for both personal and work, email addresses (29% personal, work 21%), their full name (22% personal, 16% work) and phone numbers (21% personal, 15% work).

“Because our personal and professional lives are so intertwined, and there’s widespread cross-contamination between personal and work devices, a successful phishing attack on your personal data and devices could compromise your work security, and vice versa,” said Ronnie Manning, chief brand advocate at Yubico. “That’s why individuals and companies need to employ the highest level of security, using multi-factor authentication and things like device-bound passkeys, across all of their accounts. Because weak cybersecurity practices at any level of an organization could lead to significant and dangerous security breaches.”

In the study, half of employed people (50%) revealed that they’re currently logged into work accounts on their personal devices, which their company may not be aware of.

But, younger generations are more likely than older generations to be logged into work accounts on personal devices. (Answers for “I only use work-permitted devices”: Gen Z 30%, millennials 40%, Gen X 55%, baby boomers 66%).

Forty percent of all respondents admitted to being logged into their personal emails on their work devices, 17% said they’re signed into their online banking portals on work devices, 19% have work documents saved on personal devices and 23% are signed into their personal social media accounts on work devices.