The email accounts of tens of thousands of Telecom Xtra
customers have been hacked again, and this time there could
be no end in sight to the deluge of spam from pranksters and
Cyber hackers have attacked Yahoo, Xtra's email provider,
resulting in spam and spoof emails.
The hackers have stripped email contacts from the accounts by
obtaining usernames and passwords, which Yahoo vice-president
Jay Rossiter said appeared to have been taken from a
Even if customers secure their accounts by changing passwords
- as recommended by Telecom, which is locking customers out
until they do so - their address book contacts could continue
to receive spoof emails in the name of the Xtra account
And changing to another email provider or closing the account
will not automatically end the problem.
The problem is particularly serious for business owners who
rely on their email address as a point of contact, but all
email users have to be careful about suspect-looking emails
that include random links, even if they come from a trusted
Telecom spokeswoman Lucy Fullarton said spoof emails were a
forgery of a captured account name, which could be convincing
enough to trick the receiver into clicking on an included
"So we are warning customers and non-customers to be careful
- if you receive any mail you should look carefully and if it
looks suspicious, delete it or check with the sender."
Clicking on the link could open the receiver up to a variety
of cyber crimes including phishing - a process in which
hackers try to harvest information such as credit card or
bank account details.
Spam can also include malicious internet trojans built to
delete, block and copy data.
Mrs Fullarton said resecured accounts could not be used again
by hackers, but with a "forged" email address they could
continue to send the spoof emails from servers outside of
Yahoo, even if the account was closed.
She said the late January attack was the fourth time Yahoo
Xtra customers had been compromised in the past 12 months,
with varying degrees of effect.
- Xtra customers whose accounts have been hacked should
change their passwords.
- They should also tell email contacts their account has been
- Contacts and non-customers should be on the alert for
"spoof" emails in the name of their friends and colleagues.
- People who receive spoof emails should not click on links
provided in them.
- Suspicious emails should be deleted or checked with the
- Natalie Akoorie