I have observed many times over the last ten or more years that we Australians seem just too relaxed about our online and digital privacy. We have little to no reservations about leaving our personal information and photos strewn over social media and other online places. And ever more frequently it enables or assists identity theft. As if that isn't bad enough, now I am alerted to another level of ID theft; "posthumous ID theft".
Unfortunately, posthumous identity theft is a real problem, affecting nearly 800 000 estates every year (USA). It’s important to know how to protect the estate of your loved ones so their data is not exploited by criminals.
How Do Criminals Find the Information?
Criminals are often well-organized and work diligently to identify potential targets for posthumous identity theft. Massive security breaches like the 2017 Equifax hack have released plenty of personal details to the black market.
Databases of details such as full names, birthdates and addresses exist online for purchase. It’s possible that only small amounts of additional detail are required for identities to be stolen. People who have passed away make tempting targets as the theft can go unnoticed for a long time.
The next section outlines how you can reduce the amount of personal information available in the public domain for criminals to scavenge. Prior to the invention of the internet, criminals were known to crawl through trash cans to steal documents with personal details listed. This is still a concern when grieving relatives are required to clean a deceased relative’s home, and any documents that need to be discarded should first be shredded or destroyed before disposal.
With enough personal information in hand, thieves can use the deceased’s identity to open new accounts and lines of credit, take over existing accounts, and/or collect benefits in the victim’s name.
How to limit personal information in the public sphere
Losing a loved one is very difficult, and often emotions can be overwhelming. Unfortunately, it’s critical that one family member is made responsible for managing the estate of the deceased family member. This may be the nominated executor of the estate. Here is a list of things that should be taken care of promptly. Some of these actions can only be undertaken after an official death certificate is secured, so make it a priority to have the paperwork completed. This is often conducted by the funeral director, but may be produced by a health service such as a hospital if the family member passed away in care.
- Create a list of known bank accounts, credit cards, financial involvements and insurance policies. Get in contact with each provider and close or cancel the accounts,
- Cancel the person’s driver’s licence, passport and any other identity-related licences or permits,
- Send a copy of the death certificate to the IRS to notify them of the death to avoid tax fraud. Send the paperwork to the campus the person would normally file their taxes,
- Contact the three credit bureaus (addresses are listed at the bottom of this list) and ask them to put a note on the file to say the person is deceased. This will happen on its own when the Social Security Administration add the deceased’s Social Security number to the ‘Death Master List’, but it can take up to six months. It’s better to act immediately,
- If you have access to them, edit any social media accounts to remove personal information, or delete them. Some networks allow people to ‘memorialize’ the accounts so they cannot be altered but accessed by previous contacts.
Paul Bishoff's fulll article is here. Although USA centric, it is worth a read to learn about managing the risks of ID theft. More specific advice for Australians follows.
Advice for Australians
Australians should use the advice listed above to proactively protect against posthumous identity theft. The Australian government offers a comprehensive guide regarding who to contact, and includes options to notify the government of the death. This will secure the deceased person’s government details including Centrelink, child support and medicare. The Australian Tax Office will need to be notified separately.
Credit bureaus will need to be contacted individually to have a ‘death note’ attached to the file.
I was caught in a credit card scam last year that's worth highlighting. Although there was little chance of my ID being stolen, it must have involved the theft of someone else's:
I had sourced an item I wanted on ebay.com.au. It was listed at an amazingly low price. The item was listed as brand new. The seller was listed by username only, and rated at 98% satisfaction.
Too good to refuse I ordered it using Paypal for payment, $78 (AU) all up including delivery.
Two days later I received a delivery from OfficeWorks. I was nearly going to refuse delivery because I hadn't ordered anything from OfficeWorks. Long story short, in the presence of the delivery guy we opened the package. It was the thing I'd ordered on Ebay. The invoice (OfficeWorks) was made out to me, full retail price ($329.99 AU) plus $15 delivery.
Payment was shown "By VISA". Now, I don't use VISA online. Only Paypal and occasionally another brand of credit card.
I contacted OfficeWorks and finished up talking to one of their security people. I was told this was common;
- The seller offers something at a low price on ebay, amazon etc..
- The buyer pays and the seller is almost certainly assured of money in the pocket.
- The seller orders that same item from a major retailer, using the buyers details and a (usually) stolen credit card.
OfficeWorks told me they think the scam is quite common. However, it is seldom reported, perhaps because is seems almost victimless. Everyone gets paid and the stolen credit card holder would be protected by their card issuer.
I then referred the matter to ebay. They showed no interest. It was also lodged online with Scamwatch, but I never heard back from them
As I stated at the outset, we seem just too relaxed about online privacy and data theft.