The cruel scam ‘ghost hackers’ are using to target vulnerable people

Even death is no escape from the clutches of cybercrime, with a rise in 'ghost hacking'. (Getty) (boonchai wedmakawand via Getty Images)

Cynical ‘ghost hackers’ are deliberately targeting the recently deceased – and using dead people’s accounts to defraud relatives or steal cash.

Thieves use information from sources such as obituaries to identify people who have recently passed away, and then strike – breaking into email and social media accounts.

Hackers commonly try to drain bank accounts or take out loans and credit cards in the dead person’s name, but also attempt to defraud relatives with ‘messages from beyond the grave’.

Victims recount getting messages from dead relatives in the days after their deaths, with hackers exploiting the fact that some may not be aware that the person is dead.

Other attackers use the shock of a message from a dead person to persuade people to open a phishing email, opening them up to more fraud.

Adam Pilton, a former detective sergeant investigating cybercrime and senior cybersecurity consultant at CyberSmart, said: "The days, weeks and months following the death of someone that we love can be particularly hard. Imagine, though, partway through the grieving process, you receive contact from that loved one who's recently passed.

“As much as every fibre in your body tells you that it isn't them and something isn't right about this contact, you want to believe it's true; you desperately want to speak to that person. This is why ghost hacking is used by cyber criminals as another vector of attack.”

Pilton said that ‘ghost hackers’ can zero in on dead people using obituaries, social media posts and online tributes.

"They then use their skills to potentially exploit weak passwords, bypass security questions or even find credentials from previously breached data, all to gain access to online accounts belonging to the deceased," he adds.

‘Ghost hackers’ can zero in on dead people using obituaries, social media posts and online tributes. (Getty) (Tatiana Meteleva via Getty Images)

"But if this is impossible or simply too difficult they can also imitate the deceased's online presence by recreating social media profiles or simply creating new accounts."

Direct financial gain is often the motive, but attackers also target relatives with bogus ‘compensation schemes’ or even investment scams.

The key to avoiding falling prey to ghost hackers is to think ahead. Pilton advises either setting up a ‘digital will’ to ensure relatives have access to important accounts, or offering someone access via an app such as a password manager.

"Additionally, some online providers will memorialise or delete the deceased's account. Others will allow you to designate a legacy contact or a digital heir to manage accounts after death."

Facebook and Google both offer the option to establish a legacy contact who can take over the account after death, but both require action to enable it.

Google’s ‘inactive account manager’ can be found here, with an option to set up someone to take over your account in the event of your death.

Facebook users can set up a ‘legacy contact’ to take over their account in the event of their death – this can be found here.

"To keep control of this process yourself, you could use a password manager which is only accessible to trusted people, just like businesses do with their key accounts. It is also prudent to create a digital inventory of online accounts and plan for their management following your death.

"This allows your loved ones to reduce possible attack vectors and ensure that the photographs and memories are not lost along with you.”
