The Telecommunications Users Association says it suspects thousands of email accounts have been compromised by a spam attack on YahooXtra customers.
Since Saturday, some internet users have been getting emails containing links to fake websites from friends and colleagues with YahooXtra accounts.
The association's chief executive, Paul Brislen, says despite Telecom and Yahoo saying the problem is fixed, the link is still being emailed around.
He says the vulnerability of Yahoo's servers was made public in Australia a month ago, and more needs to be done to let users know they are at risk.
Telecom says there are two separate, but potentially related, malicious attacks.
In the first, it says, customers receive emails with a link to a suspicious website which - if accessed - sends emails to people on their contacts list.
In the second, emails are sent from customers' accounts without their knowledge.
Telecom says it is working with Yahoo! to fix the problem; meanwhile it advises people to reset their email passwords as a precaution.