And changing to another email provider or closing the account will not automatically end the problem.
The problem is particularly serious for business owners who rely on their email address as a point of contact, but all email users have to be careful about suspect-looking emails that include random links, even if they come from a trusted source.
Telecom spokeswoman Lucy Fullarton said spoof emails were a forgery of a captured account name, which could be convincing enough to trick the receiver into clicking on an included link.
"So we are warning customers and non-customers to be careful - if you receive any mail you should look carefully and if it looks suspicious, delete it or check with the sender."
Clicking on the link could open the receiver up to a variety of cyber crimes including phishing - a process in which hackers try to harvest information such as credit card or bank account details.
Spam can also include malicious internet trojans built to delete, block and copy data.
US Yahoo users victims of password hack:
Mrs Fullarton said resecured accounts could not be used again by hackers, but with a "forged" email address they could continue to send the spoof emails from servers outside of Yahoo, even if the account was closed.
She said the late January attack was the fourth time Yahoo Xtra customers had been compromised in the past 12 months, with varying degrees of effect.
Detecting and protecting
*Xtra customers whose accounts have been hacked should change their passwords.
*They should also tell email contacts their account has been hacked.
*Contacts and non-customers should be on the alert for "spoof'' emails in the name of their friends and colleagues.
*People who receive spoof emails should not click on links provided in them.
*Suspicious emails should be deleted or checked with the purported sender.
