BBB Tip: Hauntings From the Cyber Beyond Could be a Trick – Not a Treat

A little late-night Web surfing reveals an instant message popping up from a sender you once knew. Once being past tense because they have already left the land of the living and now, so it seems, they are reaching out to reconnect. Before clicking reply, keep in mind approximately 2.5 million deceased individuals have their identities stolen every year according to a study by ID Analytics.

This practice is called “deceased identity theft,” and is committed by criminals who obtain Social Security Numbers, previous addresses, birthdays, employment histories, and other information simply by reading obituaries, combing through public records, or even phishing. Then, they use it to drain the deceased’s accounts. This can cause nightmares for surviving family members, particularly for any who had joint accounts with the dearly departed as they could be responsible for costs associated with damages.

The deceased person’s online presence has most likely been picked up by a scammer who is using their information to steal the identity of other online souls. These fraudsters may even go further and use this data to file tax returns, open credit cards, or create bank accounts in the deceased’s name.

It can take up to six months after death for financial institutions, credit bureaus, and the Social Security Administration to share and update their records officially labeling an account holder as deceased. As a result of this delay, ghosting usually goes unnoticed for months. Once the funeral is over and the estate is settled, relatives typically don’t think to check on credit reports associated with the decedent. Six months is plenty of time for fraudsters to steal important information necessary for identity theft from hospitals, funeral homes, and published obituaries.

The best way to protect a loved one’s personal information is to be prepared.

  • Monitor all accounts. Even the online ones. Try to obtain information on all accounts – both digital and physical – of the person who has died. Be sure to include any current usernames, passwords, and security questions required to access their accounts in your records.
  • Secure the data. Keep all the data in a secure location and only those who can be trusted should know how to access it. To prevent the hacking of their online presence, lock or delete any accounts associated with the deceased using the collected information.
  • Minimize the sharing of information. When writing an obituary, be cautious about how much information is included. For example, including the person’s age would be fine, but exclude their birth date, maiden name, or any other information that could be the answer to any of their security questions.
  • Request a “deceased alert” on important records. Send copies of the death certificate to the three credit reporting bureaus and any financial institutions, credit card companies, insurance firms, or banks where they held an account.

Unfortunately, scammers aren’t going to be scared away by garlic, wooden stakes, or other horror movie measures. However, with a little preparation, it is much easier to keep a deceased loved one’s identity safe from theft. Visit for tricks and tips on how best to keep ghastly beings from haunting your family. Remember, you can do your own ghostbusting by reporting it to BBB’s Scam Tracker

Information courtesy of the Better Business Bureau