Deceased Identity Theft: How It Happens, How to Detect It, and How to Stop It

Why Deceased Persons Are Prime Identity Theft Targets

Deceased individuals are disproportionately targeted for identity theft for reasons that are structural and hard to eliminate:

| ContentWhy It Enables FraudContentTimeline of Vulnerability** | | --- | --- | --- | | SSN remains credit-active after death | The SSA's Death Master File (DMF) is updated weekly from funeral home reports, family notifications, and state agencies — but the update propagates slowly through the financial system. Financial institutions may not receive or process the update for weeks to months. | Window of maximum vulnerability: first 2-6 weeks after death when DMF has not yet reached all creditors and credit bureaus | | Obituaries broadcast personal data | Traditional obituaries include: full name, date of birth, address, mother's maiden name, names of surviving family. This is almost everything needed for identity fraud — and it is published publicly. | Fraud can begin within hours of obituary publication. One documented case had a Georgia woman's late husband targeted within 2 days of his obituary appearing. | | No one is monitoring the credit file | A living person may notice unauthorized credit inquiries or new accounts. A deceased person's credit file has no active monitor unless the executor or family specifically sets one up. | Fraud can go undetected for months or years — especially on accounts opened after death where no paper statements arrive at the deceased's address | | Family member fraud is common | The Identity Theft Resource Center (ITRC) notes that family members in financial distress sometimes use a recently deceased relative's identity — particularly if they already had access to documents and account numbers. | Often surfaces during estate administration when unexpected creditor claims appear | | Credit applications bypass death record checks | Not all lenders or creditors check the DMF before approving credit. Smaller lenders and online platforms may have delayed or incomplete death record integration. | Creates continuing vulnerability even after DMF is updated |

How Ghosting Fraud Works: The Step-by-Step Playbook

Understanding the fraud mechanics helps families recognize warning signs and take targeted countermeasures.

Step 1: Information Gathering

Fraudsters obtain the deceased's personal information through multiple channels:

• Obituary monitoring — scanning newspaper and online obituaries for name, date of birth, address, mother's maiden name, and family member names
• Social Security Death Index (SSDI) — a public database historically used for genealogy research that contains names, SSNs, birth dates, and death dates. The public version of the SSDI is technically the 'Limited Access DMF' — its availability has been progressively restricted, but older data remains accessible
• Stolen mail — intercepting mail at the deceased's (now often vacant) address to capture financial statements, SSN notifications, and credit offers
• Data breaches — the deceased's SSN may have been included in pre-existing data breaches that fraudsters later activate
• Family members with prior access — those who already knew account numbers, PINs, or had access to documents

Step 2: Opening New Accounts

With the deceased's SSN, name, and date of birth, a fraudster can apply for: new credit cards, personal loans, auto loans, payday loans, utility accounts, and cell phone plans. Because the deceased's credit file is not yet flagged as deceased, most automated approval systems will process these applications normally.

Step 3: Running Up Debt and Disappearing

The fraudster uses the accounts, runs up charges, and disappears. The accounts eventually go to collections. Collection agencies then contact the deceased's estate or surviving family members — which is usually when the fraud is first discovered, often months after it occurred.

Additional Fraud Vectors Beyond Credit

| ContentHow It WorksContentHow It's Detected** | | --- | --- | --- | | Tax Refund Fraud | Fraudster files a federal or state tax return in the deceased's name before the executor files the legitimate final return, claiming a refund that is deposited into the fraudster's account. | IRS rejects the legitimate final return as a duplicate; executor receives IRS letter; may require filing Form 14039 (Identity Theft Affidavit) for a deceased person | | Government Benefits Fraud | Fraudster continues collecting Social Security, veterans' benefits, disability, or pension payments that should have stopped at death — by not reporting the death or by diverting payments. | Benefits continue being deposited; estate discovers ongoing payments; SSA overpayment demand arrives | | Medical Identity Theft | Fraudster uses the deceased's Medicare or insurance information to obtain medical services or equipment, or to file fraudulent medical claims. | Explanation of Benefits (EOB) notices arrive for services after the date of death; Medicare Summary Notice shows claims for post-death services | | Prescription Fraud | Fraudster uses the deceased's health insurance to obtain prescription medications, especially controlled substances. | Insurance claims for controlled substances appear on EOB statements after death | | Property and Mortgage Fraud | Fraudster records a forged deed transferring the deceased's property to themselves or an entity they control. | Mortgage statements or property tax bills addressed to unknown parties; county recorder search shows new deed (see IP-6 for property fraud monitoring) |

Warning Signs of Posthumous Identity Theft

Monitor for these specific indicators in the months following a death:

Red Flags That Warrant Immediate Investigation

• Collection calls or letters for accounts you do not recognize as belonging to the deceased
• Credit card offers or loan approval notices arriving in the deceased's name after death
• IRS notice that a tax return was already filed for the deceased's SSN
• Medicare Explanation of Benefits showing services after the date of death
• Bills from medical providers, utilities, or cell phone companies for accounts not recognized
• Mortgage statements, property tax bills, or HOA notices addressed to an unknown party at the deceased's address
• Bank statements or financial account notices for accounts the estate did not know existed
• Collection agencies calling about debts incurred after the date of death
• Credit report showing new inquiries or new accounts opened after the death date
• Any government agency correspondence referencing continued benefit payments

Immediate Response: What to Do If You Discover Fraud

1. Pull the deceased's credit reports immediately from all three bureaus (Experian, Equifax, TransUnion) via a direct request with death certificate. Review every account and every inquiry with a date after the death.
2. Report to the FTC at IdentityTheft.gov — select 'Someone used a deceased person's information.' The FTC generates a personalized recovery plan and pre-filled dispute letters.
3. File IRS Form 14039 (Identity Theft Affidavit) if tax fraud is suspected. This can be filed by a surviving spouse or court-appointed representative for a deceased taxpayer. The IRS will mark the deceased's SSN as a fraud victim and flag future returns.
4. Contact each creditor directly — call and then follow up in writing: 'This account was opened fraudulently after the death of [name] on [date]. I am the executor/surviving spouse. I request you close this account immediately, remove it from the credit file, and cease all collection efforts against the estate.'
5. File a police report with local law enforcement — you will need the report number for creditor disputes and may need it for other recovery steps.
6. Notify the SSA at 1-800-772-1213 if you believe the deceased's SSN is being actively used fraudulently — request confirmation that the SSN is properly flagged in the DMF.

IRS Identity Protection PIN (IP PIN) — Can It Apply to Deceased?

The IRS's Identity Protection PIN (IP PIN) program is available for living taxpayers to prevent fraudulent returns. For deceased individuals, the equivalent protection is filing the final Form 1040 as early as possible (before fraudsters can file) and submitting Form 14039 if fraud is suspected. The executor should file the final return for the year of death as soon as the information is available — don't wait until April 15 if fraud risk is present.

The Obituary Problem: What Not to Include

Obituaries are necessary and meaningful — but many traditional obituaries include information that directly enables identity theft. This is a balance between honoring the deceased and protecting the estate.

| ContentInclude in Obituary?ContentRisk If IncludedContentAlternative** | | --- | --- | --- | --- | | Full legal name | YES — necessary | Low by itself | Standard practice; necessary for identity | | Date of death | YES — expected and appropriate | Low by itself | Standard practice | | Full date of birth (day, month, year) | AVOID — use age instead | High — DOB + name + SSN = identity fraud toolkit | Say 'died at age 78' rather than 'born March 15, 1947' | | Full home address | AVOID — use city/neighborhood only | Signals vacant property; enables mail theft; helps fraudsters | Say 'longtime resident of Pasadena' rather than full street address | | Mother's maiden name | NEVER — no reason to include | Security question answer for many financial accounts | Simply not mentioned; no loss to the memorial content | | Names of surviving family members | Use first names only or family roles | Full names help fraudsters construct family relationships for social engineering | 'Survived by his daughter Sarah and son Tom' is safer than full names and cities | | Employer or former employer | General mention is fine; specific details unnecessary | Helps fraudsters target employer benefit accounts | 'Retired from 30 years in engineering' is safer than naming specific company |