In a sense, Crowell was lucky. The hackers didn't break into her e-mail account. When that happens, things can become much worse because hackers can often access other Web accounts by claiming to have forgotten their password and asking for a new one to be sent via e-mail.

There are often treasures in the victim's sent mailbox and archives. Old e-mail messages often include personal information that can be used in further attacks, and a

Finally, criminals can use the e-mail addresses to send malicious software to military and government employees, in what could be the first stage of a larger attack, Hilbert said. These targeted spearphishing attacks are a big problem for the government and military contractors, and have become a standard way for hackers to break into secure systems over the past half-decade.

"Government e-mail addresses should not be used for non-governmental work, and if they are there's a huge, huge problem," Hilbert said.

Although she knew she was making a mistake by reusing her password, Crowell was still "shocked" when she discovered the fraud. "It's one of the things that you hear about all the time, but you never think it'll happen to you."