A new global survey from Yubico reveals a troubling cybersecurity trend: 62% of Gen Z respondents said they had engaged with a phishing message in the past year, the highest rate among all age groups. The findings come from Yubico’s 2025 Global State of Authentication survey, conducted across nine countries with 18,000 employed adults.
The survey points to a broader crisis in digital hygiene. Overall, 44% of participants admitted to interacting with a phishing message in the past year. The data shows a growing disconnect between how secure people think they are and how they actually behave online.
Key Findings & Shifting Attitudes
One striking discovery: a majority of respondents, 70%, believe phishing efforts have become more effective with AI, while 78% say these scams have become more sophisticated. Nearly 54% of participants, when shown a phishing email, believed it was crafted by a genuine person or were not sure.
Despite these concerns, authentication practices remain weak. Only 48% said their companies use multi-factor authentication (MFA) across all tools. Disturbingly, 40% never received any cybersecurity training from their employers.
Most still rely on passwords: 56% use them for work accounts and 60% for personal ones. Even though only 26% consider passwords secure, many have not shifted to stronger alternatives. Alarmingly, 29% admitted they do not use MFA for personal email accounts, despite the fact that these are often gateways to banking, healthcare, and social platforms.
The survey also shows notable growth in MFA and passkey adoption globally. In France, personal MFA usage skyrocketed from 29% to 71% within a year. In the UK, adoption of passkeys and hardware security keys rose from 17% to 37%, while the U.S. reported a leap from 18% to 34%. These surges signal rising awareness but highlight uneven progress across regions.
Interestingly, Yubico found little difference across age groups in the ability to recognize phishing emails. Gen Z is not less skilled at spotting scams, but they are far more likely to engage with them compared to older groups.
To view the full report, click here[1].
Why Gen Z Is More Vulnerable
Analyses from security publications suggest several reasons why Gen Z is disproportionately at risk. They are twice as likely to fall for phishing as older generations, due to their constant digital exposure, faster “click first” behavior, frequent password reuse, and blurred boundaries between personal and professional accounts.
Additionally, “polyworking,” the act of juggling multiple jobs, freelancing gigs, and side hustles, is increasingly common for younger workers. This expands their digital footprint, requiring them to maintain multiple apps, credentials, and platforms, which attackers exploit for phishing and impersonation.
Emerging techniques such as quishing, or QR based phishing, and AI generated phishing campaigns are raising the stakes further. Studies show that large language model crafted phishing emails can perform as well as, or better than, human written ones, making detection harder even for cautious users.
What This Trend Signals & What Can Be Done
The Yubico survey underscores an urgent truth: the human factor remains the weakest link in security. High engagement rates with phishing messages among Gen Z, combined with inconsistent MFA adoption, create a fertile ground for attackers.
Experts recommend:
- Wider adoption of MFA, passkeys, and hardware security keys, replacing passwords as primary authentication.
- Regular cybersecurity training focused on social engineering tactics, persuasion methods, and evolving scam types.
- Stronger organizational policies, ensuring MFA is mandatory across all corporate tools.
- Awareness campaigns around new phishing vectors, such as QR code scams and AI powered messages.
As phishing grows more sophisticated, the gap between user confidence and real world behavior is widening. For companies and individuals alike, closing that gap may be the only way to stem the rising tide of digital compromise.
References
- ^ click here (www.yubico.com)