By Sandra Guille
Better Business Bureau
The dark web and cyberattacks are scary enough on their own, but imagine receiving an email or instant message from a loved one that you know has already passed away. This practice is called profile cloning.
Such scams work either by cloning an account — stealing the information from someone’s social media profile and then using it to set up a new account that is actually controlled by someone else — or by hacking into and taking control of an old one.
A different form of identity theft practice, called ‘ghosting’ is much more serious affecting the identities of 2.5 million Americans, according to AARP. Criminals who engage in this activity obtain Social Security numbers, previous addresses, birthdays, employment histories, and other information that they use to drain the deceased’s accounts.
This can cause nightmares for surviving family members, particularly for any who had joint accounts with the dearly departed as they could be responsible for costs associated with damages.
It can take up to six months after the death of a loved one for financial institutions, credit bureaus, and the Social Security Administration to share information with one another and update their records, officially labeling an account holder as deceased.
As the result of this delay, the ghosted profile usually goes unnoticed for months. Once the funeral is over and the estate is settled, relatives typically don’t think to check on credit reports associated with the decedent. Six months is plenty of time for fraudsters to steal important information necessary for identity theft from hospitals, funeral homes, and published obituaries.
The best way to protect a loved one’s personal information is to be prepared. Though it may not feel important at the time, monitor all accounts – both digital and physical – of the person who has passed away. Be sure to track any current usernames, passwords, and security questions required to access their accounts in your records.
All of this data should be stored in a secure location and only those who can be trusted should know how to access it. To prevent the hacking or cloning of their online presence, lock or delete any accounts associated with the deceased using the collected information.
When writing an obituary, be cautious about how much information is included. For example, including the person’s age would be fine, but consider excluding their birth date, maiden name, or any other information that could be the answer to any of their security questions.
To request a “deceased alert” on important records, send copies of the death certificate to the three credit reporting bureaus and any financial institutions, credit card companies, insurance firms, or banks where they held an account.
Unfortunately, scammers aren’t going to be scared away by garlic, wooden stakes, or other horror movie measures. However, with a little preparation, it is much easier to keep a deceased loved one’s identity safe from theft. Visit bbb.org for tricks and tips on how best to keep a clone or ghost from haunting your family.
