Certain websites included in phishing emails successfully lure users up to 45 percent of the time, according to the study.
Once on the bogus pages - which tend to imitate legitimate sites, like Google itself, in an effort to obtain people's private details - 14 percent of people unwittingly submit their information to hackers.
Researchers said the percentage of people who get tricked was "much higher" than they expected.
To reach this conclusion, the team looked at 100 phishing emails self-reported by Gmail users.
The team also reviewed 100 phishing websites caught by Google's Safe Browsing system.
They found that even on the worst-performing phishing websites, three percent of users still submitted their data.
On the most effective phishing sites, as many as 45 percent shared key information, Huffington Post reported.
According to the study, hackers use Gmail's own search function to figure out if an account is worth their time, looking for terms like "wire transfer" and "bank".
About 20 percent of hackers access compromised accounts within 30 minutes of getting their credentials.
To avoid phishing, enable the two-step verification on your email account and report any suspicious emails instead of responding to them, researchers suggested.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.