Most people still can’t identify a phishing attack written by AI - and that's a huge problem, survey warns (www.techradar.com)

New research from Yubico finds AI-augmented social engineering is outpacing users’ ability to spot it: 62% of Gen Z workers admitted interacting with a phishing attempt in the past year, and when shown a phishing email a majority (54%) thought it was written by a human or were unsure. Most respondents (70%) believe AI has made phishing more successful and 78% say attacks have become more sophisticated, with rising use of convincing deepfakes and voice cloning reported broadly across age groups — though ability to detect AI-written phishing was similar across ages, Gen Z engaged more frequently. The survey also highlights systemic weaknesses that amplify risk: 40% of workers have never had cybersecurity training, under half of organizations deploy multi‑factor authentication (48%), and passwords remain the dominant (56% work / 60% personal) but distrusted (only 26% call them most secure) credential method. That combination — sharper, AI-driven lures plus low training and limited MFA deployment — creates a large attack surface. The implications for defenders are clear: scale up user education, adopt phishing‑resistant authentication (e.g., FIDO2/passkeys or strong MFA), and invest in AI-enabled detection and verification tools to counter increasingly human‑like social engineering.