AI-driven phishing surges in India as 68% report scams, reveals Yubico survey

Amid rising AI-driven scam fears, with 83% of Indians concerned about account security, 68% faced phishing attempts—34% disclosed emails, 32% gave phone numbers—highlighting the urgent need for stronger authentication and broader cybersecurity education

Amid rising uncertainty around artificial intelligence and a spike in cyberattacks, Yubico has released the results of its annual Global State of Authentication survey—timed to coincide with Cybersecurity Awareness Month. The findings reveal serious vulnerabilities in how Indians handle security online, despite growing alarm over AI‑enabled fraud.

Survey uncovers India’s weak links in cyber defense

Commissioned by Yubico and conducted by Talker Research, the survey collected responses from 18,000 employed adults across nine countries—including 2,000 in India. It explored habits around account protection, the risks of lax security practices, and concerns over AI’s impact on personal and organizational safety.

“Our survey revealed a cybersecurity gap in India, where individuals are complacent about securing their own online accounts – and Indian organizations appear slow to adopt security best practices,” said Geoff Schomburgk, vice president for Asia Pacific and Japan at Yubico. He noted that an alarming 68% of Indian respondents reported interacting with a phishing message over the past year.

Many of these victims disclosed sensitive information: 34% gave email addresses, and 32% provided phone numbers. These findings underscore the urgency for stronger authentication systems and broader educational action.

AI fears rise, MFA usage grows but barriers persist

The survey reveals that 83% of Indians fear AI could compromise their accounts, reflecting anxiety over how generative AI can fuel more convincing scams. “India’s rapid digital adoption has opened new opportunities but also created fertile ground for cybercriminals,” Schomburgk added. He emphasized that reliance on passwords alone continues to expose users despite growing awareness, recommending hardware security keys and passkeys as “phishing‑resistant protection needed for the AI era.”

In India, 70% of respondents say they use multi‑factor authentication (MFA) for personal accounts, although significant barriers persist: 42% claim unfamiliarity, 30% think it's too time-consuming, and 18% say they lack technical knowledge. Use of device‑bound passkeys is growing: 22% use them for work, and 18% for personal accounts, up from 17% and 11% in 2024.

Despite recognizing weak confidence in passwords—only 39% consider them secure—many still rely on them: 59% use passwords for work accounts, 60% for personal accounts. Even more concerning, 11% have not enabled MFA for personal email, though such accounts often tie into critical services like social media, banking, cloud storage, and insurance.

“As cyber threats become more sophisticated, the good news is that the survey reveals that stronger, more secure authentication methods like device‑bound passkeys, like those on a YubiKey, are gaining momentum in India,” said Schomburgk. He urged both individuals and organizations to adopt phishing‑resistant solutions to stay secure in an evolving threat landscape.