Researchers at Google and the University of California, San Diego found that emails that try to trick users into handing over their information work way better than believed.
Once the user reaches bogus pages, which tend to imitate legitimate sites, 14 percent of people unwittingly submit their information to hackers, 'Huffington Post' reported.
The study found that the percentage of people who get tricked was "much higher" than they expected.
Researchers looked at 100 phishing emails picked out of a random sample self-reported by Gmail users.
They also reviewed a random sample of 100 phishing websites caught by Google's Safe Browsing system to further understand how the scams work.
Investigators were then able to look back and see how people interacted with the emails and websites.
The study found even on the worst-performing phishing websites, 3 percent of users still submitted their data. On the most effective phishing sites, as many as 45 percent did.
Researchers said 20 percent of hackers access compromised accounts within 30 minutes of getting their credentials.
This is big business for scammers, as one attacker can be responsible for millions of phishing emails, Google noted.