ID Theft in the Afterlife

Digital Legacy, Estate PlanningLeave a Comment

Originally published on the AARP blog on May 9, 2014, by Sid Kirchheimer

To protect against identity theft, you should never share too much about yourself on social media.

But once you die, those accounts can pose new problems – beyond the heartbreaking reminders that come with “friend” requests made from the deceased, often through automated programs or a hacker’s ingenuity.

Each year, the identities of some 2.5 million deceased Americans are used to fraudulently open credit card accounts, apply for loans, or get cellphone or other services. Each day roughly 2,200 dead people are specifically targeted for identity theft, according to one report.

It’s unclear how many of these cases result from ID thieves gleaning personal information from social media accounts to do their dirty work. But this much is clear: The less about you that lives in cyberspace and elsewhere, the less vulnerable you are – in life and death.

Privacy Trumps Protection

Problem is, due to privacy laws, family members may not be able to simply log in and close the social media accounts of the dearly departed – legally, at least. Although social media websites have policies related to deactivating accounts of the deceased, they usually require providing proof such as a death certificate or published obituary.

So what should you do to prepare for the inevitable – at least as it applies to protecting yourself on social media?

Have a “social media will.” Attorneys and estate planners increasingly recommend that you name beneficiaries to your digital content, just as is done with bank accounts, stocks and safe deposit boxes.

Get online guidance. Websites such as Death and Digital Legacy and The Digital Beyond  provide information about digital content and rights to that content after the death of the owner. Legacy Locker says it lets users grant access to friends and loved ones in the event of loss, death or disability. There’s also Dead Social to create post-death messages on social networks.

But mostly, know these policies – and be prepared to provide a lot of paperwork:


Instead of allowing a family member to simply take control of a deceased user’s account, the largest social media website lets the relative either “memorialize” or delete it.

  • With a memorialized account, no new friends are accepted and, depending on privacy settings, only confirmed friends can visit that page to view photographs and leave posts of remembrance. Content that the deceased had shared, such as photos or posts, remains visible to the audience it was previously shared with, but memorialized timelines don’t appear in People You May Know and other suggestions.
  • A safer route is to close the deceased’s account. This requires proof of death, such as a death certificate, from an authorized representative who must prove his or her affiliation.


To deactivate an account, Twitter says it will “work with a person authorized to act on the behalf of the estate or with a verified immediate family member of the deceased.” It requires, via mail or fax to 1-415-865-5405, the user name on the account, a copy of the deceased user’s death certificate, a copy of the requester’s driver’s license or other government-issued ID, and other information – including relationship to the deceased. Family members can save a backup of the deceased’s tweets.


Anyone, family or not, can ask to delete the account of a deceased member. The process starts by answering questions on an online form signed electronically and providing proof of death – a death certificate, obituary, news article or Internet link.


To access or deactivate a deceased user’s account, an authorized representative of an estate must apply directly to Google. The process consists of two stages. First, reps must provide, by mail or fax to 1-650-396-4502, their contact information and proof of identity, along with the deceased’s death certificate and Gmail address. Then, after what may take months – as the dead person’s account remains active – properly vetted reps must provide additional legal documents, including an order from a U.S. court.

Google also has a feature called Inactive Account Manager. To use it, you need to set a time-out period – between three and 12 months – and add your phone number and contact details for up to 10 trusted friends or family members. After that period of inactivity, Google sends a text message and email to the account holder. If there’s no response, Google alerts friends or family members who can access whatever personal data you granted for Gmail and services such as Blogger, Picasa Web Albums and YouTube.

Sid Kirchheimer, author of “Scam-Proof Your Life” and more than a dozen other books, covers consumer and health issues for AARP Media. – see more at

Leave a Comment

1 + 1 =