Telecom warns Xtra customers to be wary when they are opening emails and links.

The email accounts of tens of thousands of Telecom Xtra customers have been hacked again, and this time there could be no end in sight to the deluge of spam from pranksters and fraudsters.

Cyber hackers have attacked Yahoo, Xtra's email provider, resulting in spam and spoof emails.

The hackers have stripped email contacts from the accounts by obtaining usernames and passwords, which Yahoo vice-president Jay Rossiter said appeared to have been taken from a third-party database.

Even if customers secure their accounts by changing passwords - as recommended by Telecom, which is locking customers out until they do so - their address book contacts could continue to receive spoof emails in the name of the Xtra account holder.


And changing to another email provider or closing the account will not automatically end the problem.

The problem is particularly serious for business owners who rely on their email address as a point of contact, but all email users have to be careful about suspect-looking emails that include random links, even if they come from a trusted source.

Telecom spokeswoman Lucy Fullarton said spoof emails were a forgery of a captured account name, which could be convincing enough to trick the receiver into clicking on an included link.

"So we are warning customers and non-customers to be careful - if you receive any mail you should look carefully and if it looks suspicious, delete it or check with the sender."

Clicking on the link could open the receiver up to a variety of cyber crimes including phishing - a process in which hackers try to harvest information such as credit card or bank account details.

Spam can also include malicious internet trojans built to delete, block and copy data.

US Yahoo users victims of password hack:

Mrs Fullarton said resecured accounts could not be used again by hackers, but with a "forged" email address they could continue to send the spoof emails from servers outside of Yahoo, even if the account was closed.


She said the late January attack was the fourth time Yahoo Xtra customers had been compromised in the past 12 months, with varying degrees of effect.

Detecting and protecting

*Xtra customers whose accounts have been hacked should change their passwords.
*They should also tell email contacts their account has been hacked.
*Contacts and non-customers should be on the alert for "spoof'' emails in the name of their friends and colleagues.
*People who receive spoof emails should not click on links provided in them.
*Suspicious emails should be deleted or checked with the purported sender.