Skip to main content

Digital Estate and Post-Mortem Exploitation

A death creates a window of vulnerability that scammers know how to use. Planning closes it.

The Loans He Never Took

Rajesh passed away in November. His family were managing the practical aftermath - death certificates, insurance, arranging the funeral - when the calls started.

A bank rang about a personal loan. Then a second call, about a credit card. His email had been accessed, and password reset requests had gone out to two banking apps. His social media account had posted a message his family had not written.

Nobody in his family had access to his accounts. He had never written down a password. His phone was locked with a face ID that no longer worked.

The family did not know that obituaries are scraped within hours. They did not know that a death creates a gap between the person being gone and the accounts still being active - and that scammers exploit that gap deliberately.

The Scale of Post-Mortem Exploitation

2.5 million

deceased Americans have their identities stolen each year.

Post-mortem identity theft often goes undetected for months - the victim cannot report it.

Source: FTC, 2024
Digital Persistence

2.9 Million Facebook Accounts Are Deceased

An estimated 2.9 million Facebook accounts belong to deceased users, growing by 1.7 million per year. Active accounts belonging to deceased people are targets for exploitation.

Source: Oxford Internet Institute, 2024
Planning Gap

Only 11% Have a Digital Legacy Plan

Only 11% of adults have any form of digital legacy plan. This means 89% of families face unknown accounts, locked devices, and active subscriptions without guidance when someone dies.

Source: Empathy.com, 2025
Memorialisation Works

90% Fewer Accounts Exploited

Families who set up memorialisation or legacy contacts lose 90% fewer accounts to exploitation after a death. The protection is significant - and takes less than an hour to set up.

Source: Digital Estate Planning Survey, 2025
When to Act

Before, Not After

Setting up a digital will takes 30 to 60 minutes and can save a grieving family months of account disputes, unexpected charges, and exploitation. It is most useful when done before it is needed.

Source: Digital Estate Planning Survey, 2025

The Post-Mortem Window of Vulnerability

Within hours of an obituary being published online, automated scrapers collect the name, date of death, family members named, and often the address.

This information is used to:

  • Contact grieving family members claiming the deceased owed debts
  • Attempt password resets on the deceased's banking and email accounts
  • Impersonate the deceased in fraudulent applications for loans or cards
  • Access loyalty points and gift card balances before accounts are locked

The most dangerous period is the first 2 weeks. Acting quickly closes the window.

Immediate Steps After a Death

Within the first week:

  1. Notify the bank - request immediate account freezes. Bring the death certificate. Ask about any pending transactions or new applications.

  2. Request at least 10 certified copies of the death certificate - you will need one for each institution and bureau.

  3. Notify the three credit bureaus (Equifax, Experian, TransUnion in the US; Equifax, Experian, CIBIL in India) - request a "deceased alert" on the credit file. This prevents new accounts from being opened.

  4. Contact major platforms - Facebook, Google, Apple, Microsoft all have bereavement processes. You will need a death certificate and proof of relationship.

  5. Cancel subscriptions - streaming, cloud storage, and other recurring billing continues until cancelled. Check bank statements for recurring charges.

Legacy Contacts and Memorialisation

Set this up in advance. These features exist specifically to protect accounts after death:

PlatformWhat is Available
Facebook/MetaLegacy Contact - a named person who can manage tributes, download content, and memorialise the account
AppleDigital Legacy - up to 5 people who can access your data after death with a death certificate
GoogleInactive Account Manager - designate who receives your data after a set period of inactivity
MicrosoftNext of kin can request content access with death certificate

Memorialising an account (Facebook, Instagram) converts it to a tribute space that cannot be logged into. Deactivation removes the account entirely. Both are better than leaving an active account unmanaged.

Freezing Credit After Death

Contact each credit bureau with a certified death certificate and request a "deceased notice" or "deceased flag" on the file.

This prevents:

  • New credit cards being opened
  • Loans being taken in the deceased's name
  • Fraudulent applications using their National Insurance / Social Security / Aadhaar number

In the UK, the Tell Us Once service notifies multiple government departments simultaneously. In India, notify CIBIL directly with the death certificate.

Creating a Digital Will

A digital will is a document - stored securely - that tells your family where your accounts are, what your preferences are, and what to do with them.

What to include:

  • List of email accounts and the recovery email or phone number for each
  • Social media accounts and your memorialisation preference
  • Banking apps and the branch contact number
  • Subscription services and which card they bill
  • Cloud storage and what is stored there
  • Crypto wallet location (where seed phrase is stored - not the phrase itself)
  • Device encryption: whether your phone or laptop is encrypted and who knows the unlock

Where to store it: In a physical envelope marked clearly and given to your executor. Or in a password manager under a master password shared with one trusted person. Not on your phone alone.

Try It: Digital Legacy Planner

This tool guides you through creating a structured digital estate document - covering accounts, subscriptions, storage, crypto, and memorialisation preferences.

What That Just Showed You

1. Most digital estates are undocumented. Without a record, families spend months contacting platforms one by one - often unable to prove they have the right to access anything.

2. Subscriptions outlive people. Without a clear record of recurring billing, money continues to leave an estate for services nobody is using. This is one of the most overlooked practical issues.

3. Crypto requires specific planning. Unlike bank accounts, cryptocurrency cannot be recovered without a seed phrase. If that phrase is not documented and stored accessibly, the funds are permanently inaccessible.

Three Things Worth Doing

1. Set up a Legacy Contact on Facebook and an Inactive Account Manager on Google today. It takes 10 minutes and requires no other preparation. Go to settings on each platform now.

2. Ask the person who would manage your estate whether they know your device PIN. If the answer is no, that is a problem worth solving.

3. Write down where your accounts are - not the passwords, just the list. Email, banking, social media, cloud storage. Put it somewhere your executor can find it. This single step solves most post-mortem digital problems.

One Question Before You Continue

Knowledge Check

Someone has passed away and you are managing their estate. What should you do within the first week to protect their identity?