Estate Planning & Elder Law Blog

Ghosting: The new frontier of identity theft

This phenomenon, known as "ghosting" or "ghost hacking," sees fraudsters adopting the identities of the deceased to build a new, clean credit profile; often exploiting the grief-stricken families left behind.

In tradition to identity theft, a fraudster may steal personal information like a Social Security number or credit card details to gain unauthorized access to financial resources. However, “ghosting” takes this a step further by assuming the identity of someone who has passed away. This allows the fraudster to build a positive credit history and access financial resources they might otherwise be denied due to their own poor credit or criminal background. Ghost hackers may even take over the deceased’s social media accounts and email addresses, furthering their deceptive activities.

According to the Identity Theft Resource Center (idtheftcenter.org), of the approximately 2.5 million deceased individuals that fall victim to identity theft annually, an estimated 800,000 are specifically targeted because they have passed away. The remaining identities may simply be chance victims of identity theft or random use of Social Security numbers, highlighting a significant risk that families must address when settling estates.

Protecting your identity during your lifetime

Digital defenses: Create robust, unique passwords for all your accounts and enable two-factor authentication where possible. This extra layer of security requires you to verify your identity via a secondary method, such as a cell phone or email account, making it significantly harder for unauthorized users to gain access.

Plan ahead: Incorporate your digital assets into your estate planning. Make a detailed inventory of your online accounts, how to access them, and appoint a trusted individual to manage these assets after your death. This should include social media accounts, email, online banking, and billing accounts. Proper planning will not only protect your identity but also provide clear guidance to your loved ones when settling your estate.

Steps to safeguard a deceased loved one’s identity

Be cautious with personal information in obituaries: Information such as birth dates, places of birth, maiden names, and family member names can serve as a starting point for ghost hackers. Minimizing the shared details can help reduce the risk of your loved one’s identity being targeted.

Secure accounts: Notify relevant agencies such as the Social Security Administration (SSA)*, credit reporting agencies, Department of Motor Vehicles, financial institutions, creditors, and insurance companies when a loved one passes away. The SSA can place a lock on the account to prevent unauthorized changes, and sending death certificates to these agencies ensures that a “deceased alert” is placed on the accounts. *The funeral home may do this as part of its services.

Redirect mail: If the deceased was single, put in for a change of address for their mail. Typically, the mail should be re-routed to the fiduciary administering the estate or trust.

Close accounts: Close bank or investment accounts that are in the deceased’s name alone and remove the deceased’s name from any joint accounts.

Exercise caution: Be wary of individuals who show excessive interest in your loved one’s personal documents or accounts. Sometimes, “ghosters” may be acquaintances or even family members. If someone is overly inquisitive or offers unsolicited assistance with legal or financial matters, it’s worth exercising caution.

For more on immediate and long-term steps to take in the event of a death, read “Survivor's Checklist: What to do When a Loved One Passes Away” on our Estate Planning & Elder Law Blog.

What to do if identity theft affects a deceased loved one

If, despite your best efforts, your loved one’s identity is stolen, take immediate action:

Report it: File an Identity Theft Report with the Federal Trade Commission (FTC) and place a fraud alert on the deceased’s credit files to prevent further fraudulent activity. This alert will make it more difficult for the ghost hacker to open new accounts or make purchases using the stolen identity.

File a police report: If you suspect the ghost hacker might be known to you or your loved one, file a police report. Identity theft is a crime, and law enforcement can act even if the victim is deceased.

Ongoing monitoring: Regularly monitor the deceased’s financial accounts until they are closed and credit reports for any signs of suspicious activity. This vigilance can help identify and address issues before they escalate.

Final thoughts: Proactive measures for digital protection

In an era where personal data is both an asset and a target for “ghosters”, safeguarding your identity—during life and after death—is crucial. By taking proactive steps and remaining vigilant, you can help protect yourself and your loved ones from the pervasive threat of identity theft.

The information contained in this article is for general information purposes only and should not be construed as legal advice. If you have further questions about incorporating digital assets into am estate plan and protecting them, contact a Foster Swift Trusts & Estates attorney. If you have concerns about what measures to take to protect against digital hacking and other cybersecurity issues, contact a member of our cybersecurity team.