BeyondTrust
A recent large-scale data breach in South Africa had all the typical traits of a government or credit reporting service compromise. Within the compromised data, however, was an interesting field not commonly seen in other breaches: deceased_status. This raises a morbid question: “Can you hack the dead?” The simple answer is yes. Consider an individual who is recently deceased:
  • Their bank accounts may still be open
  • Their email and social media accounts are likely still active
  • Their cell phones and landlines still work
  • They may not have a will or clear accounting of their assets
Estates are prime targets for everything from identity theft to asset liquidation, since there is often a gap in monitoring the deceased’s assets. How often does it happen and will this be a new trend? The facts indicate that the deceased are easy targets for cybercriminals. For instance, CNBC reported on tax fraud involving the use of Social Security Numbers for almost 67,000 people who would be at least 113 years old. The State of California also provides tips for protecting the deceased from identity theft. Remember the email scams about the dead Nigerian prince who happened to be your distant relative? In reality, a deceased person’s contact list would be an easy target for phishing attacks targeting beneficiaries, next of kin, and others in vulnerable states. While we now laugh off the Nigerian prince scam, the fact is criminals can now launch convincing, multi-stage attacks at scale. The deceased pose the initial attack vector, with their surviving relatives, friends and colleagues facing subsequent threats. Banks, credit bureaus and government agencies all track whether you are alive or dead – information that can leveraged to jeopardize your identity and assets. You can protect yourself and the people you care about by planning ahead. Here’s some information on estate planning from the American Bar Association to get you started.

Morey J. Haber

CISO at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In: