A recent large-scale data breach in South Africa had all the typical traits of a government or credit reporting service compromise. Within the compromised data, however, was an interesting field not commonly seen in other breaches: deceased_status. This raises a morbid question: “Can you hack the dead?” The simple answer is yes. Consider an individual who is recently deceased:
  • Their bank accounts may still be open
  • Their email and social media accounts are likely still active
  • Their cell phones and landlines still work
  • They may not have a will or clear accounting of their assets
Estates are prime targets for everything from identity theft to asset liquidation, since there is often a gap in monitoring the deceased’s assets. How often does it happen and will this be a new trend? The facts indicate that the deceased are easy targets for cybercriminals. For instance, CNBC reported on tax fraud involving the use of Social Security Numbers for almost 67,000 people who would be at least 113 years old. The State of California also provides tips for protecting the deceased from identity theft. Remember the email scams about the dead Nigerian prince who happened to be your distant relative? In reality, a deceased person’s contact list would be an easy target for phishing attacks targeting beneficiaries, next of kin, and others in vulnerable states. While we now laugh off the Nigerian prince scam, the fact is criminals can now launch convincing, multi-stage attacks at scale. The deceased pose the initial attack vector, with their surviving relatives, friends and colleagues facing subsequent threats. Banks, credit bureaus and government agencies all track whether you are alive or dead – information that can leveraged to jeopardize your identity and assets. You can protect yourself and the people you care about by planning ahead. Here’s some information on estate planning from the American Bar Association to get you started.
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

You May Also Be Interested In:

Prefers reduced motion setting detected. Animations will now be reduced as a result.