NEW YORK (TheStreet) -- In April, a ring of identity thieves was busted in Detroit for filing 306 fraudulent tax returns, using the names and Social Security numbers of recently deceased individuals. Filing electronically from local hotels and coffee shops, the family of fraudsters netted nearly $500,000 in illegal refunds.

Before a new law was passed just over a year ago, the Social Security Administration's Death Master File (DMF) was a deep mine of data for “ghosting” crimes -- a relatively easy place from which to steal the names and reputations of the deceased. With the Social Security numbers, dates of birth and death of nearly 100 million deceased people, the DMF was easy pickings. Now, a fee-based certification program has been established to help restrict and monitor access to the info. But crooks are not easily discouraged.

Another database, the Social Security Death Index (SSDI), even without providing Social Security numbers, offers a good starting place for identity thieves to launch their efforts.

The Social Security Administration has long been a leaky faucet of personal information, easily tapped by criminals. Patrick P. O’Carroll Jr., inspector general for the SSA, testified to Congress in March that federal agencies allowed more than $124 billion in improper payments in fiscal 2014 alone. The Numerical Identification System, “Numident” for short, has been the Social Security Administration's weak link.

TheStreet Recommends

“Our auditors identified 6.5 million numberholders age 112 or older who did not have death information on the Numident,” O’Carroll said. “We initiated this review after a financial institution reported a man opened bank accounts with several different SSNs (Social Security Numbers), two of which belonged to numberholders born in 1886 and 1893; while the numberholders were likely deceased, neither Numident record contained a date of death and, thus, the records would not appear on the DMF.”

O’Carroll added that almost all of the 6.5 million people missing from the files were born before June, 1901.

“Their absence from the DMF could result in erroneous payments made by Federal benefit-paying agencies that rely on the DMF to verify recipient eligibility, and it could also hinder state and local government and private industry -- banks, insurance companies, and others -- from identifying identity theft and other types of fraud,” he said.

Identity theft of the deceased is most often used to file fraudulent tax returns for refunds -- the case in Detroit is just a recent example. The nonprofit Identity Theft Resource Center offers these steps to minimize the risk:

  • While some businesses will accept copies of a death certificate, many will require an original. Obtain multiple originals of the deceased’s death certificate to distribute to banks and other lenders, mortgage, credit card and insurance companies, as well as the Social Security Administration and the IRS.
  • Notify credit reporting agencies to flag the deceased’s credit report with a “deceased alert.”
  • Limit the amount of personal information in a published obituary. Avoid including such items as date of birth, former address, mother’s maiden name or other details useful to identity thieves.
  • Request a copy of the decedent’s credit report. That will let you know if there are any remaining credit accounts that still need to be closed, or tip you off to signs of potential fraudulent activity.