Editors' pick: Originally published Dec. 1.
Fraudsters are expanding their network of stealing identities and are increasingly targeting deceased individuals to commit fraud such as opening credit card applications.
Cyber criminals are focusing on this group of people to perpetrate fraud, because after a death, people's identities often remain on mortgages or car loans for awhile. Fraudsters are creating "zombie identities," and the theft occurs often quickly afterwards by focusing on retailers, health care and insurance companies, government agencies and financial institutions to find victims, said Christopher Pinion, manager of fraud management practice at LexisNexis Risk Solutions, an Atlanta-based risk data provider.
These fraudsters are often not sophisticated ones and target family members such that, as a result, there are addresses where several people living in a home wind up sharing the same social security number of a dead person, Pinion said.
In effect, multiple people are using the same deceased person's Social Security number in order to obtain money and status among their peers, Pinion said. This type of identity theft is prevalent, partly because once a fraudster figures out the process, he will share the information with friends and family members.
"Once that happens, the knowledge spreads like a weed and goes viral, which is why you can see pockets of zombie haunted houses from our data," he said.
As other groups are picking up on the scheme, including gang members, these cyber criminals are presenting a challenge to companies to work on identifying and combating these cons to not only protect the identities of those who are deceased, but also living individuals, Pinion said.
One unforeseen outcome of "zombie" fraud is that it also affects legitimate, living consumers who sometimes are caught up in the crossfire and are targeted incorrectly, preventing them from making a purchase, he said.
Many consumers are now experiencing the secondary effects of mass identify theft where their identities are not just stolen once, but multiple times, said Peter Nguyen, director of technical services at LightCyber, a Los Altos, Calif.-based provider of behavioral attack detection solutions.
"As 'The Walking Dead' has so aptly taught us, the living are the ones to fear, rather than the dead," he said. "Now the identities of the deceased may be worth at least as much as those for the living."
These large wholesale thefts of personal information have resulted in hackers focusing on the same victims again such as those from the massive U.S. Office of Personnel Management breach who now have been struck with ransomware campaigns disguised as information about their compromised identity, Nguyen said.
Stealing identities from those who are deceased is also known as "ghosting," and even a couple of years ago, this phenomenon had risen to 2,000 to 2,500 identities a day which were being used or abused by either thieves or family members, said Chris Roberts who conducted the research with the AARP and is chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defense solutions.
How to Combat Zombie Fraud
Notifications from family members to government agencies and financial institutions about the death of a family member typically take six months or longer, said Roberts. Fraudsters are often obtaining information to conduct their schemes from obituaries.
"If you think about it, there is a lot of intelligence that's put into the obituaries that should be left out," he said.
Consumers can try to prevent and halt additional fraud from occurring by reporting the death to the Social Security administration, the IRS and the three main credit bureaus, along with the department of motor vehicles, banks and insurance companies.
"Basically, hit everyone and anyone to make sure it's noted," Roberts said. "List the minimal amount of data possible in the obituary notice."