Identity theft matters in death as it does in life.
If you and your relatives don’t have a plan for what will happen to your online identity after you perish, it may well fall into the hands of increasingly desperate cybercriminals who will stop at no bounds – even metaphysical ones – to get their hands on other people’s assets.
Here’s how to protect yourself or your loved ones from the nightmare of identity theft after death and what to do if it happens.
Think it’s safe to assume that once you’re pushing up the daisies, you no longer have to worry about having your identity stolen? We’re sorry to break the news, but online – as in real life – your identity and reputation will outlast you.
You Might be Dead, but Your ID Will Live On
Otherwise known as “ghosting,” the bad guys can usurp the names and credit ratings of the deceased to apply for credit cards, purchase cell phones, and even apply for loans in their name.
But who would stoop to stealing a dead person’s identity, you might be wondering?
In the same year, the IRS uncovered over 91,000 tax returns that had been filed under the names of deceased individuals, many of which resulted in fraudulent tax refunds being issued.
Talk about troubling findings!
What Can Be Stolen?
Those trying to claim deceased persons’ identities may attempt to:
- Receive any government benefits that they were receiving by falsely claiming themselves to be an executor of the deceased’s estate.
- Use the deceased’s social security number (SSN) to hijack their financial assets – such as bank accounts – before the rightful persons mentioned in the bequest have had an opportunity to.
- Steal the deceased person’s driving license, or handicap parking permit, and use it for themselves (relatives are more likely than strangers to do this one).
- Obtain their medical information to attempt to reissue a drug payment card to their address and use it to save on costly medications.
How Do They Get Away With It?
When somebody dies, population ministries such as the US Social Security Administration will identity notify major credit bureaus of the deceased’s passing.
The process, however, is far from instantaneous.
The time lag between the deceased’s passing and the end of the notification process is prime time for fraudsters to swoop in and try to claim the deceased’s financial assets as their own.
Traditional identity fraud techniques, such as phishing for credit card numbers, can be used during this period just as they can on the living. With living relatives distracted by grief and the deceased not around to notice suspicious activity, this type of fraud can even be significantly easier than more conventional methods.
Social security numbers of the deceased are also widely available online as well as on the black market, where they are often sold on the ‘dark web’. Sometimes, these are even posted on publicly available websites such as genealogy websites. Social security number, when coupled with phone numbers and physical addresses, can be used to gain access to online accounts.
Other forms of identity fraud, such as making fraudulent tax returns in the deceased’s name, could prove even more lucrative. In cases where internal audits are only carried out once every few years, the period could be long enough for criminals to enjoy the proceeds and flee the country once the cops catch on to the ruse.
How to Protect the Deceased from Identity Theft
Notifying credit bureaus as soon as a loved one leaves their earthly existence is the first and most important step loved ones can take to prevent identity fraud. Speeding up the notification process will close the window of time available to fraudsters as quickly as possible.
Once that’s been completed, check the deceased’s credit report using a reporting website such as annualcreditreport.com. Any suspicious activity you notice may be an indication that criminals have beaten you to the race.
Did the deceased have other financial assets? If so, it’s important to comb through the list one by one to make sure that they have all been made aware of the deceased’s passing. A non-exhaustive list of bodies that should be contacted, if applicable, include:
- Credit card companies
- Insurance brokers
It’s also vital that living relatives follow their state’s (or country’s) procedure for notifying deaths assiduously.
As soon as one dies in the US, for example, they should be registered in the national death index, also known as the US Death Master File (yes, that’s a real thing!) which then gets distributed to all agencies in the governmental network. This can save relatives the process of having to notify individual agencies individually – which can become a time-consuming process when they are located in other states.
Other steps that should be taken include:
- Avoiding mentioning extraneous details in obituaries. These could include former names that the deceased held, their maiden name, or other personal identifiers. All these could be exploited by identity thieves who – yes – have been known to use obituaries to find exploitable information about the deceased.
- Enforce a credit freeze. When speaking to the credit bureaus and notifying them of the death, ask that they put a “do not issue credit” flag on the deceased’s file. This should automatically block any further credit from being issued in their name.
- Notifying the motor bureau to ask them to cancel the deceased’s driving license.
- Closing digital assets: In the modern age, it’s highly unlikely that the deceased did not have a Facebook profile, LinkedIn page, or online mail account. All major providers have procedures in place which allow relatives in possession of a death certificate to close the account on their behalf. This prevents cybercriminals from hijacking them while attempting to find inactive accounts to take over.
- It’s also important to check whether they were a member of any genealogy or ‘family tree’ websites, such as Ancestry.com. If the deceased suffered from any condition that may have affected their cognitive abilities, such as Alzheimer’s, make sure that they haven’t inadvertently posted compromising personal information (such as social security numbers) about themselves there.
Finally, don’t consider that fraudsters could attempt to use less high-tech methods in their quest to rob the deceased’s identity and plunder their assets.
Those closest to the deceased should also be instructed to remain quiet about any significant assets that they may have held while alive during the period following death, including at the funeral.
Although the majority of those attending a funeral and religious post-burial customs are no doubt well-intentioned, it’s not beyond the realm of possibility that some will try fish out information from mourners during this vulnerable period that could be used during an identity theft attempt.
What to Do if a Deceased Love One is the Victim of Identity Theft?
What if you’ve checked your deceased loved one’s credit report and found an indication that somebody is busy applying for a cell phone purchase using your relative’s name to apply for credit?
In such a case, you should:
- Contact the institution: Whether it’s a cellphone provider, stockbroker, or credit card company, you should immediately notify the institution that somebody is using their former customer’s credentials for personal gain.
- Contact the police: This one requires little elaboration. Identity theft is a crime in almost all jurisdictions and the police should be made aware whether of its happening irrespective of whether assets have been stolen or not.
- Contact the Federal Trade Commission (FTC): The Federal Trade Commission operates a website, IdentityTheft.gov, where those that have had suffered identity theft themselves or are the representatives of a deceased family member who has, can get a personal action plan to restore all assets. Use the resource!