Deceased Identity Theft: Protecting the Recently Deceased

Deceased identity theft — the fraudulent use of a dead person's personal information to open accounts, file false tax returns, or claim benefits — represents a distinct category within the broader identity theft types covered in this network. Estates, surviving family members, and personal representatives face a compressed window of vulnerability between the moment of death and the moment credit bureaus, government agencies, and financial institutions receive official notification. This page describes the threat landscape, the mechanisms exploiters use, the scenarios in which fraud materializes, and the boundaries between preventive, reactive, and legal responses.

Definition and scope

Deceased identity theft, sometimes called "ghosting" in fraud investigation practice, occurs when a perpetrator uses the Social Security number, date of birth, or other personally identifiable information of a deceased individual to conduct unauthorized financial or government transactions. The Federal Trade Commission classifies this activity under the statutory definition of identity theft established in the Identity Theft Assumption and Deterrence Act of 1998 (18 U.S.C. § 1028), which criminalizes the knowing transfer or use of another person's identification with intent to commit unlawful activity — the statute does not exclude deceased individuals from the definition of "person" for these purposes.

The scope of the problem is documented by the Social Security Administration's Office of the Inspector General, which has identified exploitation of the Death Master File — a public dataset of Social Security numbers linked to reported deaths — as a primary vector enabling this fraud (SSA OIG). The Death Master File is administered by the National Technical Information Service under 15 U.S.C. § 3512 and is restricted to credentialed organizations, but the underlying data surfaces in data broker databases and dark web repositories.

Two structural variants define the threat:

• Opportunistic deceased identity theft — Perpetrators scan obituaries, public death records, or breached datasets for recently deceased individuals and exploit the lag time before credit bureaus and government agencies update their records.
• Familiar deceased identity theft — A family member, caregiver, or estate contact uses the decedent's credentials. The FTC's consumer-facing resource at IdentityTheft.gov identifies this as a distinct recovery pathway because the perpetrator has legitimate contextual access to documents.

How it works

The exploitation window opens at the moment of death and narrows only when three independent notification processes complete: Social Security Administration notification, credit bureau flagging, and financial institution account closure. Each process operates on a different timeline, and none is automatic without survivor or estate action.

The operational sequence follows a recognizable pattern:

1. Identification of the deceased — Perpetrators access obituaries, public probate filings, or purchased data broker records to obtain name, date of birth, and Social Security number.
2. Credit file exploitation — Because the decedent's credit file remains active until a bureau receives official notification, a perpetrator can apply for credit in the decedent's name. The three major bureaus — Equifax, Experian, and TransUnion — each maintain separate records and require separate notification under the Fair Credit Reporting Act (15 U.S.C. § 1681).
3. Tax fraud filing — Perpetrators file fraudulent federal or state income tax returns using the decedent's Social Security number to claim refunds before the estate files a final return. The IRS Identity Protection Specialized Unit handles these cases (IRS Identity Theft Central).
4. Benefits fraud — Medicare, Social Security survivor benefits, and VA benefits can be fraudulently claimed or continued after death. The SSA OIG reports that improper payments to deceased individuals have represented hundreds of millions of dollars annually in identified overpayments (SSA OIG Audit Reports).
5. Account takeover — Existing financial accounts — bank, brokerage, or credit card — may be accessed using credentials obtained from the decedent's mail, devices, or estate documents before accounts are formally closed.

Common scenarios

Probate delay exploitation occurs when estate administration takes months or years, leaving accounts and credit files active. Perpetrators monitoring public probate dockets identify high-value estates and target them during the administration gap.

Medical identity fraud targets deceased individuals' Medicare or Medicaid records to submit fraudulent claims for services never rendered. The Department of Health and Human Services Office of Inspector General tracks this pattern under its healthcare fraud enforcement mandate (HHS OIG).

Synthetic identity construction uses a deceased person's Social Security number combined with a different name and date of birth — creating a "synthetic" identity that bypasses standard matching algorithms. The Consumer Financial Protection Bureau has identified synthetic identity fraud as one of the fastest-growing forms of financial crime in the United States (CFPB Research).

Small estate fraud disproportionately affects decedents whose families lack legal representation or financial sophistication. Without a personal representative actively monitoring accounts, unauthorized transactions may go undetected for 12 months or longer.

Decision boundaries

Survivors, executors, and personal representatives navigating this landscape operate within a framework of distinct, sequential responsibilities — not a single unified process. The decision structure below maps the primary intervention points:

• Immediate notification priority (within 30 days of death): Notify the Social Security Administration, all three major credit bureaus, and primary financial institutions. Request a "deceased" flag on all three credit bureau files. The Social Security Administration notification process is documented at SSA.gov.
• Tax authority notification: File IRS Form 56 (Notice Concerning Fiduciary Relationship) and ensure the final Form 1040 is filed on the normal schedule. If prior-year refunds are due, Form 1310 is required. The IRS distinguishes between estate tax obligations and identity theft remediation — these are separate workflows.
• Credit bureau distinction: Placing a deceased indicator differs from placing a fraud alert or credit freeze. A deceased indicator prevents new credit issuance entirely; a fraud alert (governed by 15 U.S.C. § 1681c-1) requires lenders to take additional verification steps but does not halt applications. Personal representatives who discover fraudulent accounts already opened must file a dispute under FCRA Section 605B, which mandates blocking of information resulting from identity theft.
• Law enforcement boundary: Filing a police report is a prerequisite for several FCRA dispute remedies and for IRS Identity Theft Affidavit processing (IRS Form 14039). Estate attorneys and fraud investigators operate at this juncture; credit bureau dispute processes do not substitute for criminal reporting when fraud has occurred.

For a full map of service providers operating in this sector, see the Identity Protection Providers or review the to understand how service categories are classified. Researchers and professionals evaluating how to navigate this reference can consult the guidance on how to use this resource.