Email addresses that have fallen victim to spam messages in the past few days have been "spoofed'', Telecom says.
Spoofing involved the forged use of an email address to send out email traffic such as marketing spam, the company said today.
The activity targeted people with Xtra Yahoo! accounts,
On Friday, Telecom said it was working with Yahoo! to investigate the issue, and suspicious emails, often with "Hi'' or "Hello'' in the subject line, have flooded email inboxes since.
The scale of the problem would never be known because emails did not necessarily travel through the Yahoo! server, a spokeswoman said today.
Spoofing attacks were a daily occurrence worldwide and an unfortunate hazard of email via the internet, Telecom said.
There was no technical way for Yahoo or Telecom (or any other ISP) to prevent these spoof emails from being sent, many of which are generated from overseas servers. The actual user's email account was not used to send "spoof'' emails, but it appeared as if it was, the company said.
An investigation was unable to confirm the scale and source of the issue, but it was possible that unauthorised access of customer address information sourced via attacks in 2013 may have played a role.
It was not believed that the spoofed emails contained 'Trojans' or viruses, Telecom said.
"I am extremely unhappy that our customers continue to be the victims of cyber criminals, and understand why they are angry and frustrated by the ongoing issues,'' Telecom retail chief chief executive Chris Quin said.
"Yahoo! has advised us that this latest email incident is generated outside of the Yahoo! network and infrastructure, and they have limited technical options to halt the email spoofing by cyber criminals.''
A total of 87,000 accounts were compromised in an attack in February last year.
Useful safety tips:
* use a unique password for your email - for example don't use the same password for your online banking, your email and your Twitter account;
* change your email password regularly and don't go back to old passwords, always set up and use a new one;
* scam emails can appear to come from someone you know, so don't click on suspicious links and watch out for phishing scams;
* recognise when it is too good to be true - for example lottery wins notifications;
* ignore unexpected attachments - if in doubt delete and contact the person who sent it to confirm it is the real deal;
* keep software and anti-virus up to date; and
* don't include sensitive information such as credit card details or passwords in emails.