Gen Z were meant to be the most digitally literate generation, raised on smartphones and social media. Yet new research from Yubico shows that they are falling for phishing scams at a higher rate than their older peers.
The survey, carried out by Talker Research across nine countries for Yubico’s 2025 Global State of Authentication report, asked 18,000 adults about their online security habits. The findings paint a worrying picture of how younger users behave when facing online tricks.
62% of Gen Z respondents said they had interacted with a phishing message in the last year. That could mean clicking a suspicious link or opening a dangerous attachment. This was higher than any other generation, showing that familiarity with technology has not translated into safer habits.
AI has made phishing messages more convincing, which makes it easier to trick people. Yubico said that 70% of people believe scams are now more successful due to AI and 78% think the messages have become more sophisticated.
How Does AI Make Scams Harder To Spot?
AI has given scammers the power to pretend to be real companies, colleagues or even friends. Emails and texts can now be drafted with realistic wording and fake websites can be built to look identical to trusted platforms. AI can even create deepfake audio or video files to trick people into handing over information.
The survey found that when shown a phishing email, more than half of respondents either believed it was real or could not tell. That included 54% who thought the scam message was authentic or were unsure. Gen Z were not the only group to struggle, as recognition rates of phishing attempts were nearly the same across age groups.
What stands out is that while all generations find it hard to spot scams, Gen Z are more likely to act on them. This makes one wonder whether their constant exposure to online content is leaving them more comfortable clicking links without stopping to check.
Another factor is overconfidence…
Many younger users think they can recognise scams because of their experience online, but the statistics show that confidence does not equal accuracy. This false sense of security leaves them more open to falling into traps.
Are Companies Doing Enough To Help?
The research also looked at workplace habits, and here the numbers were worrying: 40% of workers worldwide said they have never had cybersecurity training from their employer. That means many young employees are left to use their personal instincts when navigating suspicious emails or messages at work.
On authentication methods, 62% of organisations still rely mainly on standard usernames and passwords. Only 33% use device-bound passkeys such as hardware security keys, which Yubico described as the most secure option available. The survey showed that 26% of people even believe passwords alone are the safest choice, despite them being the easiest to compromise.
Outdated practices matter because personal and professional online lives are often linked. The research found that 40% of workers use personal email accounts on work devices, and the same share check work email from personal devices. If a scammer gets access to one account, it can quickly spread into professional systems.
What Can Help Gen Z Protect Themselves?
In the UK, belief in hardware security keys and device-bound passkeys jumped from 17% in 2024 to 37% in 2025. This shows that more users are learning to trust stronger tools, especially as phishing becomes harder to spot.
Training also makes a difference because where people are taught how to recognise scams, they are more likely to question suspicious links. The problem is that training is inconsistent, and too many younger workers are left without guidance.
Gen Z’s lesson here is to slow down before clicking. Their natural speed online, moving between apps and accounts, may be exactly what scammers bet on. Better awareness and stronger authentication methods could help turn the numbers around.
Ronnie Manning, chief brand advocate, Yubico, said: “Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organisations appear slow to adopt security best practices.
“It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand.”