Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.
# Best Practices: Digital Asset Recovery and Posthumous Security
## Overview
These practices address the management of a "digital estate"—the emails, social media accounts, cloud storage, and financial assets left behind after death. They aim to prevent "ghosting" fraud (identity theft of the deceased), financial drain through uncancelled subscriptions, and the loss of sentimental or financial digital assets.
## Key Recommendations
### Immediate Actions
1. **Inventory Digital Assets:** Create a comprehensive list of all important accounts, devices, and digital assets (e.g., email, banking, social media, crypto wallets).
2. **Assign Legacy Contacts:** Use built-in platform features (Apple Digital Legacy, Google Inactive Account Manager, Facebook/Instagram Legacy Contact) to designate who can manage accounts after your passing.
3. **Place Credit Alerts:** For the deceased, immediately notify credit bureaus (Equifax, Experian, TransUnion) to place a "Deceased Alert" on their credit reports to prevent new lines of credit from being opened.
4. **Notify Vital Organizations:** Cancel the deceased’s driver’s license and notify the tax authorities (IRS/HMRC/relevant agency) to prevent tax return fraud.
### Short-term Improvements (1-3 months)
1. **Subscription Audit:** Identify and cancel ongoing automated subscriptions to prevent the depletion of estate funds.
2. **Bank & Card Freezes:** Freeze all bank and credit card accounts until they can be legally closed or transferred.
3. **Obituary Security Review:** Limit personal details (birth dates, addresses, mother’s maiden names) in published obituaries to prevent fraudsters from harvesting data for impersonation.
4. **Emergency Access Configuration:** Set up "Emergency Access" features within password managers (e.g., 1Password, LastPass, Keeper) to grant a trusted person access to the vault under specific conditions.
### Long-term Strategy (3+ months)
1. **Estate Plan Integration:** Formally include digital assets and login instructions in legal wills or trusts, referencing specific laws like RUFADAA (US) where applicable.
2. **Account Decommissioning:** Systematically delete accounts that are no longer needed once data has been retrieved to reduce the "digital footprint" available to hackers.
3. **Family Cybersecurity Briefing:** Educate survivors on posthumous scams, such as deepfake AI videos of the deceased requesting money or fake "account recovery" services.
---
## Implementation Guidance
### For Individuals and Families
- **Conversation First:** Discuss digital legacy preferences with heirs before a crisis occurs.
- **Centralize Logins:** Use a password manager rather than physical notes; share the master key or use the "emergency access" feature with a legal beneficiary.
### For Legal and Financial Advisors (Small/Medium)
- **Standardize Intake:** Include "Digital Asset Disclosure" forms as a standard part of client onboarding for estate planning.
- **Verification Protocols:** Establish strict identity verification for relatives claiming access to a client’s digital files.
### For Large Enterprises (Tech & Service Providers)
- **Standard Implementation:** Adopt OpenID Foundation recommendations to simplify the transfer of digital remains.
- **Transparency:** Clearly define "Terms of Service" regarding the death of a user to eliminate ambiguity for grieving family members.
---
## Configuration Examples
| Platform | Feature Name | Configuration Action |
| :--- | :--- | :--- |
| **Apple** | Digital Legacy | Go to Settings > [Name] > Sign-In & Security > Legacy Contact. |
| **Google** | Inactive Account Manager | Go to myaccount.google.com/inactive to set a timeout period and notify a contact. |
| **Instagram** | Legacy Contact | Select a contact to manage a memorialized account via Account Center. |
| **Password Managers** | Emergency Access | Invite a trusted email address; set a "waiting period" (e.g., 7 days) before they gain access. |
---
## Compliance Alignment
- **RUFADAA (US):** Revised Uniform Fiduciary Access to Digital Assets Act—provides legal authority for executors to manage digital assets.
- **Property (Digital Assets, etc.) Bill (UK):** Proposed legislation to classify digital assets as personal property.
- **EU Succession Law:** Efforts by the European Law Institute to harmonize the inheritance of digital data.
---
## Common Pitfalls to Avoid
- **Over-sharing in Obituaries:** Including the deceased’s full birth date and home address provides 50% of the data needed for identity theft.
- **Relying Solely on Passkeys:** If passkeys are tied to a device that is locked/encrypted and the heir doesn't have the PIN, the data may be lost forever.
- **Ignoring Post-Mortem Scams:** Falling for "life insurance collection fees" or "paid account unlocking services", which are almost always fraudulent.
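
The obituary review recommended above, and the over-sharing pitfall in this list, can be run as a pre-publication check on a draft. This is an added example, not part of the original guidance; the regular expressions are heuristic assumptions for English-language text, and the sample draft is constructed.

```python
import re

MONTH = (r"(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|"
         r"Aug(?:ust)?|Sep(?:t(?:ember)?)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\.?")
FULL_DATE = (rf"(?:{MONTH}\s+\d{{1,2}},?\s+\d{{4}}"   # March 4, 1941
             rf"|\d{{1,2}}\s+{MONTH}\s+\d{{4}}"        # 4 March 1941
             r"|\d{1,2}[/-]\d{1,2}[/-]\d{4})")         # 03/04/1941

# Heuristic patterns for the three details named above (assumptions of this
# example, tuned for English-language text; not a complete PII detector).
CHECKS = {
    # "born", a short digit-free filler ("on", "in Leeds on"), then a full date
    "full birth date": re.compile(rf"\bborn\b[^.\d]{{0,40}}?({FULL_DATE})", re.I),
    # house number + one to three capitalised words + a street suffix
    "street address": re.compile(
        r"\b(\d{1,5}\s+(?:[A-Z][a-z]+\s+){1,3}(?:Street|St|Avenue|Ave|Road|Rd|"
        r"Lane|Ln|Drive|Dr|Boulevard|Blvd|Court|Ct|Way))\b"),
    "maiden name": re.compile(r"\b((?:née|nee)\s+[A-Z][a-z]+|maiden name)", re.I),
}

def review_obituary(text):
    """Return (category, matched text) for each risky detail found in a draft."""
    return [(name, m.group(1)) for name, rx in CHECKS.items()
            for m in rx.finditer(text)]

def soften_birth_date(text):
    """Rewrite 'born on <full date>' as 'born in <year>'."""
    return CHECKS["full birth date"].sub(
        lambda m: "born in " + m.group(1)[-4:], text)

# Constructed sample draft; every name, date and address is invented.
SAMPLE = ("Margaret Ann Doe (née Hartley), born on March 4, 1941, passed away "
          "peacefully on 2 June 2024. She lived at 27 Willow Creek Road for "
          "forty years.")

if __name__ == "__main__":
    for category, detail in review_obituary(SAMPLE):
        print(f"{category}: {detail}")
    print(soften_birth_date(SAMPLE))
```

A clean result only means none of these patterns matched; the draft still needs a human read before publication.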
---
## Resources
- **Apple Digital Legacy Support:** support.apple.com/en-us/102631
- **Google Inactive Account Manager:** myaccount.google.com/inactive
- **OpenID Foundation Whitepaper:** openid.net/wp-content/uploads/2026/03/The-Unfinished-Digital-Estate-Final.pdf