It was two weeks after her mother’s death, and Melanie’s grief was just beginning to subside when a notification appeared on a younger relative’s phone.
To the family’s horror, it was a Facebook DM from her late mother. ‘Hello how are you doing today?’ message read.
Reading it set off a cascade of emotions in Melanie – for a split second there was a glimmer of hope that she might still be alive.
Then came the sudden realization that something more sinister was at play.
Melanie – who asked to remain anonymous to prevent the family from being victimized again – was the victim of a growing ‘ghost hacking’ scam.
The scammer quickly moved on to trying to sell bogus investment opportunities (Image: Daily Mail)
Melanie says the hacker struck within two weeks of her mother’s death
Ghost hacking sees hackers target the accounts of recently deceased individuals, either for outright theft or to fraudulently send messages to family members.
Melanie says her mother, who had passed away after a short illness, started sending messages to family members from a cloned Facebook account.
Melanie believes hackers may have looked at obituaries or local news reports of recent deaths to find victims to target.
She told DailyMail.com: ‘It was quite upsetting, not just for me but for my wider family because mum was such a character in the family. ‘
In Melanie’s case, the hacker contacted a young family member at university and said Melanie’s mother had recently found a brilliant investment opportunity.
Melanie said: ‘The conversation started with a simple, ‘Hi, how are you?’ and then the hacker went on to scam $150,000 worth of compensation payments.
Melanie said the hacker appeared to be using a cloned Facebook account and it was ‘incredibly difficult’ to get in touch with Facebook to stop it.
The family hadn’t thought to deal with her mother’s online accounts because of the quick events surrounding her mother’s death.
“I want to prevent other people from going through what we did,” Mel said.
‘You have to think about the person’s digital presence while they are still alive – and think about your own if the worst should happen.’
The scammer quickly tried to get Mel’s cousin to visit a fake website (Picture Daily Mail)
Hackers use obituaries to identify people who have recently passed away and try to hack into email and social media accounts.
Hackers then often try to either drain bank accounts and pension funds or take out loans in the name of the deceased.
Sometimes the hackers use the person’s email and social accounts to send spam and scams to relatives.
It’s easier to take control of dead people’s accounts because no one is monitoring the activity, and when you’re inside e-mail, for example, hackers can move on to more valuable financial accounts.
Hackers target the recently dead to steal from their accounts
Patrick Tiquet, Deputy Director of Security and Compliance at Keeper Security said: ‘Cybercriminals can use obituaries, social media profiles and public records to track down the deceased and the potentially vulnerable accounts they left behind.
‘Bad actors can then use sophisticated techniques to launch cyberattacks to breach these ‘ghost’ accounts – exploiting weak passwords, forgotten security questions or even exploiting stolen credentials from previous data breaches.
Hackers can ‘piece together’ data from previous leaks or from details shared online to access ‘ghost’ accounts, warns Tiquet.
Tiquet says: ‘Cybercriminals wait for their opportunity to strike, targeting individuals of all ages, backgrounds and walks of life – both in life and after people have passed.
‘Data breaches happen every day which can compromise personally identifiable information (PII) and this treasure trove of data finds its way to the dark web where it is eagerly bought and sold. Cybercriminals can use this stolen information to commit additional crimes, such as identity theft or financial fraud, which can leave families reeling as their loved one’s legacy is tarnished by unseen hands.
The key to avoiding falling into the clutches of ‘ghost hackers’ is to think ahead and set up options to ‘remember’ accounts – or ensure a family member is ready to recall or delete accounts.
Facebook and Google, for example, allow you to establish a legacy contact that can take over the account after death.
To visit Google’s ‘inactive account manager’ and create a contact to ‘take over’, click here.
To create a ‘legacy contact’ on Facebook to take over your account in the event of your death, click here.
Tiquet says, ‘taking a digital inventory of your online presence, assets and liabilities; designate a digital heir to receive your credentials and assets; and coming up with a plan such as storing credentials and personal documentation in a secure password manager that can be passed down to your digital heir will ensure that your digital presence can rest in peace.
“Securing our digital legacy isn’t just about protecting our online endeavors today; it’s also about shielding our loved ones from the specter of cyber threats that linger long after we’re gone.’ –