It’s always disturbing.
I understand this would be a deeply disturbing event, regardless of the cause.
Unfortunately, I don’t have much good news. There are things to try and things to understand.
And sadly, some things to prepare for.
Become a Patron of Ask Leo! and go ad-free!
Email from the deceased
Receiving emails from a deceased person’s account can be distressing. This can occur due to a hack or from spam spoofed to appear as if it’s from the deceased. Legality isn’t clear, but you can try contacting the email provider, ideally with a death certificate, to close or secure the account. In the meantime, setting up an email filter to delete the messages might be the most practical solution. It’s also a reminder to arrange emergency access to your own digital world to prevent similar situations in the future.
Accessing the account
I don’t mean to be flippant, but if no one has the password, regaining access is difficult enough when you’re alive.
When any third party attempts to gain control of someone else’s account, alive or dead — if only to close it — account security measures are in place to confirm that they are authorized to do so. Unless arrangements have been made beforehand, those security measures often make it practically impossible to close someone else’s account no matter the reason.
Let’s back up and consider what may have happened.
Potential cause #1: A random hack
It’s certainly possible that the account was hacked, particularly since the email was sent only to people who could be expected to appear in your late friend’s address book.
It’s not uncommon for a spammer who’s hacked an account to immediately use it to send out spam. That spam is generally random, but occasionally they’ll use the account’s address book as a convenient source of known good email addresses.
I’m skeptical, though. This kind of random hack can happen at any time.
The timing of this makes me doubt a random hack.
Potential cause #2: A targeted hack
This is less likely, but as I said, the timing leads me to wonder.
If there’s someone with whom the departed shared his sign-in credentials, that person could be using this as an opportunity.
If someone has a grudge against the deceased or their family, they could take this as an opportunity to proactively try to attempt to hack the account. This is typically more difficult if the account owner isn’t around to, say, fall for a phishing attempt, but it’s still possible.
In general, this also seems unlikely.
Potential cause #3: Random spam
It’s not at all difficult to make spam look like it comes from a specific email address without having direct access to that email address’s account. Spammers do this constantly to avoid being blocked and/or traced back to their source.
Anyone who’s received spam, which is pretty much all of us, can potentially show up in the “From:” address of spam without having done anything wrong or been involved in any way.
Once again, though, the timing is suspect.
Potential cause #4: Targeted spam
If someone has a reason and knows your loved one’s email address, they could certainly craft spam that looks like it came from your departed friend without needing any access to anything at all. As I said above, it’s not difficult at all.
This would simply take motivation and a little bit of technical expertise.
If I had to guess, since this one doesn’t require that anything be compromised, I’d consider this scenario the most likely. But not by a wide margin.
Other clues
You didn’t indicate the nature of the email itself, but I’d see if that could help you can identify who might have sent the message.
If it’s generic body part enhancement, drug availability, dating, or other kinds of things we normally see in spam, then I’d chalk it up to being random spam.
On the other hand, if the message shows knowledge of the situation, your family, or anything else not generally publicly known, this starts to feel like something more personal. (Remember that the fact that someone has died is not inside knowledge. Any information included in, say, an obituary, could be used by someone to target an email.)
Legal?
It’s unclear what is and is not legal in the various scenarios above. If the email you got contains true harassment, threats, attempts to scam you out of money, or other clearly illegal things, then contact your local law enforcement agencies. While they may or may not actually do anything, having that report on file may be helpful should future action be needed.
Closing the account?
I recommend contacting your late friend’s email service provider. Many have policies for scenarios like this. If you can show them a death certificate, they may act more quickly to help.
For example, Facebook has a policy around the death of an account holder and the process used to close or “memorialize” their account.
Remember, though, that these services need to be extra cautious so that people can’t just run around accessing or closing accounts because they claim that the legitimate account holder is dead. Expect this to be a difficult process.
Related
Preparing for the Ultimate Disaster
If you're not around to unlock all the digital data you take such care to secure, who will be able to access it, and how?Frustrating, but pragmatic solution
By now, you can probably guess I’m not very hopeful of regaining access to or closing your friend’s account. It’s possible, but in my opinion is unlikely.
I would do this: ignore the email and move on. If you continue to get email from this account, set up an inbox rule or filter in your email program. It will immediately delete these messages when they arrive, so at least you don’t have to see them. I would advise the rest of the family to do the same.
It’s not what we might consider the most just or best solution, but it’s by far the most practical and least time-consuming.
An important lesson
Finally, after things have settled, take a moment to learn something from this.
The fact that no one in this person’s family has access to the account is a problem. We should all take care to entrust someone with emergency access, if for no other reason than to go in and disable or delete the information in the account to prevent situations exactly like this.
Do this
My recommendation is simple: ignore the messages. Set up a filter in your email program to do so automatically if necessary.
Then please consider setting up a plan for yourself so this won’t happen again when your time comes.
Podcast audio
Related Video
It is possible that a dead person could have sent that email in question. Recently I remember an article on Ask Leo about a feature in Gmail that would allow you to schedule an email to be sent out later. If you were terminally ill and capable of typing you could schedule to send out emails to friends that you’d have a hard time communicating with. You could have these emails scheduled if you were given a fairly accurate time that you were expected to die. If for some reason you made a miraculous recovery or if you were given a new expected time of death you could edit the delivery date or even cancel the email.
That’s definitely a possibility, but that’s extremely rare.
I would guess that the vast majority of emails from people who have passed away is case #3 — Random Spam. Everybody gets random spam spoofed from friends’ addresses, so it’s not surprising that some would come with a spoofed email address from a deceased person’s account.
I’ve never received any email from deceased friends/family, but my wife has passed away, so I know first-hand how difficult such a loss can be. I’ve taken steps to make sure my Son has access to my computer when I pass away. He knows my login pin, and being able to access my computer will allow him to access my password vault. From there, he can close/cancel all the Internet accounts I have, including my email accounts (they all provide web access). I’ve also printed a document containing what I want dome with my digital data, et-al. This document also includes information about the steps I’ve taken for my eternal internment (I’ve paid to have my remains interred in my wife’s niche), and I’ve made arrangements (and paid) for my funeral service, so all my Son should need to do is contact the funeral home to get everything taken care of. I keep a copy of this document on my computer, so when I think of things that will need to be handled, I add that information, then print the update, and replace the existing one. This way, when I’m gone, those I love will at least have some guidance,
Ernie (Oldster)
Your Son will! need more than access to your computer. All password vaults have a Master Password that is used to access it.
(A password vault without a Master Password is possible — say, an ordinary Notepad Textfile — but from a security viewpoint it would be pretty useless — not secure at all).
Your Son will need the Master Password to your password vault in order to access it.
One other possibility: Sometimes an email will “hang” for a day or two before shaking loose and arriving at the intended destination. My employer uses Outlook, and everyone at my job site has at least one “…you haven’t gotten it yet? But I sent it yesterday!” story.
Email usually arrives almost instantly, but it is not guaranteed to. It sometimes takes up to a few days to arrive.
There’s also an anti-spam technique that can sometimes add several minutes to the delivery process.
I recently received an email from a deceased friend. As an IT tech I looked at the email address behind the display name and found it was not the same as my friend, ONLY the display name suggested it was from him. This was clearly a scam. If the email address BEHIND the display name had been the same as his, then I would have contacted his family. I hope that helps with identifying one of Leos scenarios.