Cyberattack of the Living Dead, when fraudsters assume deceased person’s online identity

Imagine you’re surfing the Web late one night and an instant message pops up from a sender you know has already left the land of the living, causing you a terrible fright. The deceased person’s online presence has most likely been picked up by a scammer who is using their information to steal the identity of other online souls. These fraudsters may even go further and use this data to file tax returns, open credit cards, or create bank accounts in the deceased’s name.

This practice is called “ghosting,” and approximately 2.5 million deceased individuals are affected each year. Criminals who engage in ghosting obtain Social Security Numbers, previous addresses, birthdays, employment histories, and other information that they use to drain the deceased’s accounts. This can cause nightmares for surviving family members, particularly for any who had joint accounts with the dearly departed as they could be responsible for costs associated with damages.

It can take up to six months after death for financial institutions, credit bureaus, and the Social Security Administration to share and update their records officially labeling an account holder as deceased. As the result of this delay, ghosting usually goes unnoticed for months. Once the funeral is over and the estate is settled, relatives typically don’t think to check on credit reports associated with the decedent. Six months is plenty of time for fraudsters to steal important information necessary for identity theft from hospitals, funeral homes, and published obituaries.

The best way to protect a loved one’s personal information is to be prepared. Though it may not feel important at the time, monitor all accounts – both digital and physical – of the person who has passed away. Be sure to include any current usernames, passwords, and security questions required to access their accounts in your records. All of this data should be stored in a secure location and only those who can be trusted should know how to access it. To prevent the hacking or ghosting of their online presence, lock or delete any accounts associated with the deceased using the collected information.

When writing an obituary, be cautious about how much information is included. For example, including the person’s age would be fine, but exclude their birth date, maiden name, or any other information that could be the answer to any of their security questions. To request a “deceased alert” on important records, send copies of the death certificate to the three credit reporting bureaus and any financial institutions, credit card companies, insurance firms, or banks where they held an account.

Unfortunately, scammers aren’t going to be scared away by garlic, wooden stakes, or other horror movie measures. However, with a little preparation, it is much easier to keep a deceased loved one’s identity safe from theft. Visit for tricks and tips on how best to keep ghosting from haunting your family.


Leave a Reply