Dealing with a loved one’s death is a difficult and vulnerable time. Unfortunately, cybercriminals and fraudsters can exploit this period to manipulate grieving families and benefit from the estate. Understanding the mechanisms behind these attempts can help a deceased person’s family and loved ones protect themselves from cyberattacks.
How Attackers Identify and Target the Bereaved
Attackers often begin their schemes by collecting publicly available information. Obituaries, death certificates and some genealogy websites provide a wealth of personal data — like full names, dates of birth and details of surviving relatives — that could be dangerous in the wrong hands.
For example, obituaries may expose close relationships and geographical locations, allowing scammers to impersonate beneficiaries, creditors or government agencies.
Ideally, the government and financial institutions would immediately record a person’s death and update their file. However, delays can occur in updating the Social Security Administration’s (SSA) national file of reported deaths. This delay can give scammers enough leeway to access the deceased’s accounts, apply for credit or file false claims.
Common Social Engineering Tactics Used During Estate Settlement
Fraudsters rely heavily on deception to exploit grieving families, using methods like phishing and manipulation to get their way.
Phishing Emails and Calls
Phishing is a common tool for exploiting grieving families. In 2024, 79% of account takeover attacks occurred via phishing. Attackers may impersonate banks, insurance companies, creditors or government agencies. They could send emails or phone calls requesting sensitive information like login credentials, account numbers or social security information.
These messages often carry a sense of urgency, warning loved ones of frozen accounts or delays unless they take immediate action. Dealing with a loss is emotionally taxing, which means some individuals may be less vigilant and more susceptible to these requests.
Isolation and Manipulation
Fraudsters may also take advantage of the emotional isolation that accompanies grief. If a survivor is left to manage the estate without enough support, attackers may step in and pose as a trusted advisor or a friend of the deceased.
They could build rapport with the survivor and exert subtle pressure, manipulating them into sharing confidential details or transferring funds. Aside from the financial impact, this method also leaves the bereaved with substantial emotional harm.
Ways to Prevent and Mitigate These Attacks
Families and loved ones can take practical steps to reduce the risk of exploitation during the estate settlement process:
Notifying Government and Financial Institutions
One of the first measures should be to promptly notify relevant agencies and organizations — such as banks, insurance firms, the SSA and the IRS — of the death. The executor of the estate usually handles this process.
Requesting and Reviewing Credit Reports
Requesting the deceased’s credit reports can reveal unusual activity, like attempts to open unauthorized accounts or use existing lines of credit. These reports can also show active accounts that need closing or pending collection accounts.
Keep Documents Secure
All sensitive documents, including wills, death certificates and financial records, should be stored securely. The executor of the estate should keep physical copies in locked locations and password-protect any digital files. They should also be careful with whom they share personal or financial information in case an untrustworthy individual may be listening.
Writing the Obituary With Care
An obituary is a heartfelt way to honor someone who has passed. However, it’s best to limit the amount of personal information provided. Fraudsters could use exact birthdates, addresses or middle names to exploit the deceased person’s accounts. Obituaries should focus on honoring the person’s memory while minimizing the chances of data misuse.
Safeguarding Grieving Families from Attackers
Social engineering aimed at the bereaved is a cruel yet common form of exploitation where attackers prey on individuals at their most vulnerable moments. However, proactive steps like notifying institutions promptly and exercising caution in disclosing sensitive information can reduce the risk of compromise. Exercising care allows families to grieve without worrying about financial or material loss.
Devin Partida is an industrial tech writer and the Editor-in-Chief of ReHack.com, a digital magazine for all things technology, big data, cryptocurrency, and more. To read more from Devin, please check out the site.
.
.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information. BSM is cited as one of Feedspot’s top 10 cybersecurity magazines.