Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I deal with email sent from a deceased's apparently hacked account?


I am very upset this morning!! Someway – somehow I got an e-mail from a dear-friend who recently passed. the message was sent
today, from his e-mail, his family also received the same e-mail, and they assure the rest of us (friends) they do not have access
to his password and they want to know how this happened. Is this legal, is somebody tapping into his account, is it a hacker? Can
you please shed some light on this? Also, does his family need to take any sort of actions to somehow delete his account so this
doesn’t happen again in the future? There are a lot of confused people over this, needless to say quite upset also. This one action
has stirred up very deep feelings of the recent passing of our loved one.

I can totally understand that this would be a deeply disturbing event – regardless of the cause.

Unfortunately, I don’t have much good news. There are things to try, and things to understand.

And, sadly, some things to prepare for.


I certainly don’t mean this to be flippant, but regaining access to a hacked email account when you’re alive is difficult enough – in fact it’s often nearly impossible when it comes to free services. Needless to say, when you as a third party attempt to regain control or close someone else’s account – alive or dead – account security measures require that the email provider be even more cautious.

Often those security measures make it practically impossible to close someone else’s account, no matter the reason.

“… security measures make it practically impossible to close someone else’s account, no matter the reason.”

Let’s back up and first consider what may have happened.

In all honesty, the most likely cause of the email was simply that there is someone, somewhere, with whom the departed entrusted his email password. It may not be the family, but there could easily be someone he trusted. You didn’t indicate the nature of the email contents, but I’d look at that as a start to see if you can identify who might have sent the message.

Naturally, the account could have been hacked at some point. It’s unclear exactly how, but if the email was sent only to people that could reasonably be expected to appear in your late friends address book, this could be the case.

It’s important to remember that the email might not have come from that account at all. Spammers, for example, regularly spoof the “From:” address on email to make it appear as if it’s coming from one address when in fact that email address and account had nothing to do with it. This is actually fairly easy, and could certainly be done intentionally to perhaps harass you and your friends acquaintances.

And again, not knowing the contents of the message you received, it may well be garden variety spam with a spoofed “From:” address.

Regardless of how it happened, the real question is what to do?

It’s unclear what is and is not legal. But on a more practical side, it’s even less clear what is and is not going to be considered worthy of spending scarce law enforcement resources.

If the email you got contains true harassment, attempts to scam you out of money or other clearly illegal things, then I would in fact contact your local law enforcement agencies. It might take a few calls to find the right contact, though unfortunately there may not be a “right contact” as not all agencies are equipped to handle cyber-crime. Depending on the nature of the email it might be worth trying, though.

You can try contacting your late friends ISP or email service provider, but as I said I don’t really hold out a lot of hope here. These services need to be extra cautious so that people can’t just run around accessing or closing accounts because they claim that the legitimate account holder is dead. If you can even find someone to help, expect this to be a difficult process.

By now you can probably guess that I’m not very hopeful of actually regaining or closing your friends account. It’s possible, but in my opinion very unlikely.

In your shoes, I would do this: ignore the email and move on. If you continue to get email from this account, set up an inbox rule to immediately delete these messages when they arrive.

And I would advise the rest of the family to do the same.

It’s not what we might consider the most just, or right solution – but it’s by far the most practical and least time consuming.

Finally, take a moment to learn something from this as well.

The fact that no one in this person’s family has access to the account is a problem. We should all take care to entrust someone with emergency access – if for no other reason than to go in and disable or delete the information in the account in situations like this.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “How do I deal with email sent from a deceased's apparently hacked account?”

  1. Like Leo said- this is a tough one espcially if it’s a free email account. The best solution is to contact the service provider an dhave them delete the email account.

    [link removed]

  2. Or persuade people to use some sort of service that, if they do not acknowledge something for x weeks, sends a ‘death notice’ to everyone on the contact list, and the password to a trusted few.

  3. There were some facts missing from this post. The nature of the E-mail. Was the E-mail written as the deceased might have written, but not yet sent, and queued in his/her E-mail client to be sent? It would then be possible to be accidentally sent some time later, if someone else powered on the machine and went online not knowing the E-mail was queued. Who had possession of the deceased’s machine? And of course, it was possibly a compromised account.

  4. Also the email password could have been reset by correctly guessing the security questions (“what was the name of your first pet”) etc.

  5. One possibility which Leo overlooked is an postmortem messaging service. There are several available out there; one such I use is called DeathSwitch.COM:

    This automated service prompts the subscriber (via E-Mail) for a reply at regular intervals; if the service’s robot receives no response after a certain number of (completely configurable) challenges, it will send any “death message” of your choice to anyone you have selected.

    Might the E-Mail the querant is complaining of, actually have originated with such a service?

  6. I lost my husband nearly a year ago, I knew of only 2 email accounts and closed both promptly, inagine my surprise when one kept getting hacked and his family and I kept getting things from it! I did contact Yahoo and security was involved, it has been resolved,..not easily or w/o lots of emotional stuff….Imagine my surprise this morning to find yet ANOTHER account unbeknownst to me or his family pop up on yahoo w/yet another spam. this horrible how spammers get ahold of things and don’t give a darn how it may affect others on the www.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.