Scammers read obituaries. They pull death certificates. They open credit cards in your dad's name three weeks after the funeral. About 2.5 million deceased Americans are targeted every year, and most families never know.
Identity theft against a deceased person, often called "ghosting," follows a depressingly reliable pattern. It starts before the funeral is even over.
Scammers scrape obituaries, often within hours of publication, looking for names, dates of death, hometowns, family relationships, and any biographical details that help them open accounts. They cross-reference that data with public records: voter rolls, property records, court filings, and death certificates, which are filed publicly in most US states. With a few hundred dollars of paid data brokers plus free public records, an attacker can build a complete identity package on the deceased within forty-eight hours.
From there the attack splits into several tracks: opening credit cards in the deceased's name, filing fraudulent tax returns to collect refunds, using the SSN for medical care, applying for loans, and increasingly, using the deceased's identity as a "synthetic" base for new fraud personas that combine the dead person's SSN with a living person's name and a fake date of birth. About 2.5 million deceased Americans are targeted by some form of identity fraud every year, and most families never know until a collections notice arrives.
The good news: digital identity theft after death is highly preventable. The attack only works because of a time gap, and the time gap is something an estate plan can close.
The Social Security Administration maintains the Death Master File, a database of reported deaths that financial institutions, credit bureaus, and government agencies use to flag deceased individuals. In theory, once a death is reported, the SSN moves to a "do not honor" status across the financial system.
In practice, the Death Master File has a lag. Funeral homes typically report deaths to the SSA within a few weeks. The SSA processes the report, the data flows to credit bureaus, the credit bureaus flag the file, and only then do the automated checks at banks and lenders start failing on the deceased's SSN. The end-to-end gap is often four to eight weeks. Sometimes longer.
That gap is the attack window. The scammers know exactly how long they have. They start applying for credit the same week they read the obituary, and they keep going until applications start getting rejected. By the time the family realizes anything is wrong, the fraud may already be on the credit file.
You cannot eliminate the time lag in the Death Master File. You can compress the attack window by notifying the major institutions directly, the same week the death occurs.
Three trends have made the problem more acute in the last few years:
Add the rise in data broker availability, and the cost of building an attack package on any specific deceased person has collapsed. Volume scams are now economic at very low fraud yields per target.
The single highest-leverage thing a family can do to prevent digital identity theft after death is notify these five sets of institutions, in writing, with a certified death certificate, within thirty days. Order matters less than completeness, but if you're triaging, do them in this sequence.
Even though the funeral home typically reports, file your own notification too. Call 1-800-772-1213. The SSA adds the death to its records and stops any benefit payments. This kicks off the Death Master File propagation, which closes the attack window everywhere else.
Equifax, Experian, and TransUnion each have a deceased-person process. Send a written request with a certified death certificate asking them to flag the file as "Deceased: Do Not Issue Credit" and to remove the deceased from any pre-screened credit offer lists. Request a credit report from each bureau, dated after the flag, so you can see whether any fraudulent accounts already exist.
File the final tax return marked "Deceased" with the date of death. Form 1310 if you're claiming a refund as the surviving spouse or estate. Filing early reduces the window for fraudulent tax returns to be filed first. The IRS also has an Identity Protection PIN program for deceased taxpayers in some circumstances.
Notify the state DMV to cancel the driver's license or state ID. This prevents the physical document from being used and removes the record from databases that fraudsters can sometimes access.
Banks, brokerages, credit cards, mortgage servicers, auto loan servicers, student loan servicers, anyone with the deceased's account number. Each one needs the death certificate and a written notification. Most have a deceased-customer team that handles the rest.
Beyond the "deceased" flag, you can also place a full credit freeze on each of the three bureaus for the deceased. This is the cleanest single defense against digital identity theft after death. With a freeze in place, even if a fraudster has the SSN and personal information, no new credit can be opened without unfreezing the file, which only the estate can do.
The process at each bureau:
It takes about an hour total, costs nothing, and effectively shuts down the new-account fraud channel.
Identity theft is only one half of the digital-after-death problem. The other half is what happens to the deceased's actual online identity: their email account, their social media, their cloud storage, their stored payment methods. Each one is its own attack surface.
The two biggest vectors:
This is the layer where a thorough digital assets memorandum pays for itself. The executor needs to know which accounts to deal with, in what order, and how. We've walked through the full operational sequence in our executor duties checklist, and digital identity protection runs through the entire timeline.
Four scam variants show up over and over in 2026. Knowing the shape of each helps families spot them fast:
Don't engage with the caller or click the link. Report obituary scams to the FTC at ReportFraud.ftc.gov. File a police report if money was already lost. Forward phishing emails to reportphishing@apwg.org. Document everything in the estate file.
Naming a digital executor in your estate plan, while you're still alive, is one of the single most effective defenses against digital identity theft after death. Why? Because the typical lag in the SSA Death Master File assumes nobody is actively working on the digital identity. A digital executor who has the access, the documents, and the instructions ready can do all five of the major notifications inside the first week, not the first month.
A well-built digital executor role typically includes:
The first week is where the leverage is. Every account locked, every freeze placed, every notification sent inside the first seven days closes a specific attack vector. The companies that profit from estate-related fraud are betting on disorganized families. A digital executor with a checklist breaks that bet.
Most of the prevention above is reactive: respond fast after the death. There's also an upstream play. The richer the obituary and the more visible the estate plan, the easier the attack. A few choices made now reduce the surface later:
For families who want a complete defensive playbook:
The full operational map for this, including which documents the executor will need at each stage, lives in our broader privacy and your will walkthrough, where the estate plan structure itself becomes part of the defense.
Digital identity theft after death is a problem of speed and information. The faster the family acts and the less casually exposed the data, the less viable the attack. The playbook is mechanical once written down. The hardest part is having it ready before you need it.
DocSats was built for the privacy-first half of this problem. Your will and your digital executor instructions are encrypted in your browser before they reach our servers, so the document that would otherwise be a treasure map for fraudsters is unreadable to anyone except you and the people you've authorized. The signed documents are anchored to the Bitcoin blockchain so timing and authenticity are independently provable, and the digital assets clauses cover the executor's notification list, the credit freeze sequence, and the account-by-account playbook your family will run in the first week. If you've been worried about what happens to your digital identity after you're gone, this is the layer that closes the gap.
DocSats generates legally valid wills, healthcare proxies, and powers of attorney with comprehensive digital asset clauses. Encrypted in your browser before it ever leaves your device. Verified on the Bitcoin blockchain. Starts at $99.
Create Your Will Today