AI phishing scams fool half of workers

A new study shows half of workers can’t spot AI phishing emails, putting their jobs and data at risk. Learn how to stay protected.

A startling new survey reveals that most people can’t tell the difference between a phishing message written by artificial intelligence and one written by a human. The study polled 18,000 employed adults worldwide. Participants were asked to identify whether emails were real or fake, and the results were alarming. Only 46% of respondents correctly recognized an AI-written phishing email. The other 54% either thought it was authentic or weren’t sure. Even more surprising? Age didn’t make much difference. Awareness rates were nearly identical across all generations, from Gen Z to baby boomers. This proves that no age group is immune to sophisticated AI scams.

 

 

 


AI phishing scams continue to trick people

The research, conducted by Talker Research for Yubico, found that 44% of people interacted with a phishing message in the past year, such as by clicking a link or opening an attachment. Alarmingly, 13% admitted it happened within the last week. Younger users seem to be at higher risk. 62% of Gen Z respondents said they had fallen for a phishing scam in the past year, compared to 51% of millennials, 33% of Gen X, and 23% of baby boomers. When asked why they were tricked, 34% said the message appeared to come from a trusted source, while 25% admitted they were simply rushing and didn’t pause to think.


Mixing work and personal devices fuels phishing risks

The survey uncovered another major issue: people blurring the line between work and personal devices. Half of all respondents said they log into work accounts on personal devices, often without their employer’s knowledge. At the same time, 40% use personal email on work devices and 17% access online banking from the same laptops they use for work. That’s a dangerous mix. A successful phishing attack on your personal data could compromise your work security, and vice versa.


Weak security habits make AI phishing easier

Despite these growing threats, three in ten people still haven’t turned on multi-factor authentication (MFA) for their personal accounts. Even worse, 40% said their employer never provided cybersecurity training. Many companies also use multiple, inconsistent authentication methods instead of one secure MFA system, leaving workers vulnerable. This inconsistency, combined with human error, creates an easy target for AI-powered phishing campaigns that mimic real communications almost perfectly.


How to protect yourself from AI phishing attacks

AI phishing is growing fast, and even cybersecurity experts admit they can be fooled. These scams are evolving so quickly that messages now look flawless, written in perfect grammar, using a familiar tone, and often tailored to you. Attackers scrape your name, job title, and contact details from public databases, then use that data to train AI to mimic real emails you’d expect to see. That’s why simple habits matter more than ever. Follow these steps to protect both your personal and professional accounts from AI-driven phishing scams.

 

1) Turn on multi-factor authentication (MFA)

Use multi-factor authentication on every account that supports it, especially your email, banking, and work logins. MFA adds a second step, like a fingerprint or temporary code, making it far harder for attackers to access your data even if they steal your password. This small step can stop a major breach before it starts.

 

2) Pause before you click and verify the source

If you didn’t ask for it, don’t click it. Phishing emails often sound urgent or too specific to ignore; that’s exactly the trap. Before you respond, take a breath and double-check. Verify the message directly by calling or texting the sender using a known number, not one listed in the email. Never send money, credentials, or sensitive files in response to an unexpected request. If anything feels off, it probably is.

 

3) Remove your personal data from public databases

Scammers often find your contact details, email, and phone number on people-search sites and public data brokers. That information can help AI generate realistic phishing messages targeting you. Using a personal data removal service such as Incogni helps you get off the criminal radar by deleting your personal information from these sites. Reducing your online footprint makes you a less visible and less vulnerable target.

While no service can guarantee the complete removal of your data from the internet, a data removal service is a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

 


4) Use strong antivirus protection

Strong antivirus software with phishing detection can catch dangerous links and attachments before they reach your inbox. Choose security software that includes web protection and automatic updates so it can block new threats as AI-generated scams evolve. Strong antivirus protection acts like a digital shield between you and the latest phishing tactics. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

 

5) Check sender details closely

AI can copy tone and language almost perfectly, but it still leaves small clues behind. Look carefully at the sender’s email address, spelling, and formatting. One extra character or subtle style shift may be the giveaway. If you get an email claiming to be from your boss, your bank, or a delivery service, always confirm the request through another trusted channel before clicking or replying.

 

6) Keep work and personal accounts separate

Half of employees admit they log into work accounts from personal devices, and that’s a big risk. Blurring the line between work and home makes it easier for a single phishing attack to infect both. Use your company laptop only for work and your personal phone or computer for private activities. This separation keeps sensitive data safer on both sides.

 

 


Kurt’s key takeaways

Phishing once relied on sloppy grammar and obvious mistakes, but AI has changed the game. Today’s scams look polished, professional, and alarmingly real. You might think you’d never fall for one, yet research shows half of people already have. The good news is that awareness and simple habits, like turning on multi-factor authentication, can make all the difference. AI is rewriting the rules of cybercrime, but preparation beats panic every time. Recognizing that anyone can be fooled is the first step toward stronger digital habits, so start now by securing your accounts.

Have you ever received a message that looked real but turned out to be a scam? How did you spot it? Let us know in the comments below. 


Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

 
