Hackers are using unsuspecting web users as 'malware mules' to infect other PC users with viruses, says Symantec.
According to the security vendor's annual 'internet security threat' report, cybercriminals can purchase email login details and passwords for as little as 65p each.
The hackers then gain access to the email accounts and send messages containing the virus to the contacts listed in the account.
Symantec says the recipients of spam email are much more likely to trust the validity of a message coming from a recognised email address.
"'Malware Mules' are one of the most worrying trends identified in Symantec's Internet Security Threat report," said Con Mallon, security expert at Symantec.
"One of many ways to prevent this from happening is by keeping a close eye on what you do on the internet. Some email accounts show when your last login was and consumers are advised to check this each time they log in to make sure their last login was by themselves and not by a hacker."
Cybercriminals are also snooping through messages that have been stored in the inbox or personal folders, in a bid to obtain password and login details for online bank accounts.
According Symantec, hackers could potentially use the information in these saved emails to reset passwords "giving the fraudster complete access to personal account and indeed whole identities".
"The growth in sales of email accounts on the underground economy is a worrying trend. If fraudulent purchases are made on your credit card, you're covered by your lender and can usually recoup the money," said Mallon.
"However, if your email account is hacked who do you turn to? Scarily, scammers could have access to all your passwords for less than a pound."