Nearly two-thirds (62 percent) of web users who have had an online account compromised were unaware of how the hackers gained access in the first place, says Commtouch.
According to the security firm's The State of Hacked Accounts report, which looked at the theft, abuse and eventual recovery of Gmail, Yahoo, Hotmail and Facebook accounts, less than a third (31 percent) of web users noticed their account had been compromised.
More than half (54 percent) revealed they only found out their account had been compromised because friends alerted them, and 15 percent only found out because they received an official email from the account's provider.
Furthermore, 15 percent believed their log-in details were stolen when using a public Wi-Fi connection, while the same proportion believed clicking a link on Facebook resulted in their account being compromised.
Of the accounts that were compromised, Facebook made up nearly a quarter (23 percent) while 27 percent were Yahoo webmail accounts, 19 percent were Gmail and 15 percent were Hotmail. The remainder were listed as 'other'.
More than half (54 percent) of the compromised accounts were used by hackers to send spam, and one in eight were used in 'phoney distress' email scams that saw messages sent to friends asking them to wire funds to a foreign country.
However, when it came to recovering the account from the hackers' control, nearly a quarter (23 percent) did nothing, believing it was a one-off event. More than two in five (42 percent) changed their password to gain control back, and 23 percent of these even scanned their machine with antivirus software as well.
"Commtouch's poll reveals that more than two-thirds of all compromised accounts are used to send spam and scams," said Amir Lev, Commtouch's chief technology officer.
"This is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders."
The security firm advised web users to use hard-to-guess, unique passwords for each online account, as well as thinking carefully before clicking links on Facebook.
"Legitimate user webmail and Facebook accounts are a valuable prize for spammers and scammers," Commtouch said in the report.
"The use of these for spam and scams is expected to increase and users should therefore take basic precautions when they access these in public domains as well as observing sound password management."