Deceased Estate Account Takeover Scam
Scammers exploit the window between a death and a financial institution being notified to gain unauthorized access to the deceased's real bank, investment, or trading accounts and drain them directly.
Last reviewed: 5 July 2026
What this scam is
This scam is distinct from schemes that merely demand a fake fee to 'unlock' a frozen account: here, the fraudster actually obtains working access to the deceased's genuine financial accounts and moves money out directly, without ever needing the family to pay anything themselves. It exploits the period between a person's death and the point at which banks, brokers, or payment platforms are formally notified and place a hold on the account — a gap that can run from days to several weeks depending on how quickly next of kin locate and report all the deceased's financial relationships.
During this window, a scammer who has obtained the deceased's login credentials, phone number, or enough personal information to pass identity checks can log into online banking or investment platforms, request password resets, or social-engineer a call center into granting access, then transfer or withdraw funds before the account is ever frozen. In other cases, the scammer targets the grieving family or executor directly, posing as a 'digital estate assistant' or well-meaning volunteer who asks for the deceased's account credentials or one-time passcodes 'to help close things down', then uses that access to drain the account rather than to help.
How it works
In one common route, a scammer who previously obtained the deceased's banking credentials or personal data — through an earlier data breach, phishing attack, or information published in an obituary combined with data broker lookups — moves quickly after learning of the death, before the family has notified every institution the deceased used. They may request a SIM swap or call forwarding on the deceased's mobile number to intercept one-time passcodes, then log into online banking or a trading platform and transfer funds to accounts they control.
In a second route, the scammer approaches the family or executor directly, often within days of the death, offering to 'help' close accounts, cancel subscriptions, or consolidate the deceased's digital and financial life. Framed as a considerate favor during an overwhelming time, they ask for the deceased's online banking username and password, or ask the family to forward a one-time passcode sent to the deceased's phone 'to verify the closure request'. Once obtained, this access is used to transfer funds out of the account rather than to close it.
Because account activity in the days after a death is not unusual on its own — family members may legitimately access joint accounts, pay final bills, or check balances — unauthorized transfers can go unnoticed for longer than they otherwise would, giving the scammer time to move funds through several intermediary accounts before the fraud is discovered, typically only once the bank is formally notified of the death and reviews recent activity.
Why this scam works
The period immediately after a death is one of the few times an account holder cannot notice or challenge unauthorized activity themselves, and family members are often unaware of the full scope of the deceased's accounts, making it easy for unauthorized transfers to pass unremarked amid a flurry of genuine estate-related activity. Requests for help 'closing things down' exploit the family's desire to reduce their own administrative burden during grief, lowering the scrutiny normally applied to a request for banking credentials or a one-time passcode.
A typical pattern
Shortly after a person's death, a family member is contacted by someone offering to help close the deceased's online accounts, describing themselves as a family friend with technical experience. They ask for the deceased's online banking login to 'check for outstanding direct debits' and, once given access, quietly initiate a transfer to an external account before the family notices. The bank only identifies the unauthorized transfer weeks later, once formally notified of the death and reviewing the account's recent activity, by which point the funds have already been moved through several other accounts.
Common red flags
- Anyone requesting the deceased's account passwords or a one-time passcode, however helpful their offer sounds
- Unsolicited offer to help close or consolidate the deceased's accounts shortly after a death
- Unusual transfers, new payees, or password reset notifications on the deceased's accounts
- A SIM swap or loss of mobile signal on the deceased's phone number without the family requesting it
- Pressure to act quickly to 'tidy up' accounts before formally notifying every institution
- Reluctance from a self-described helper to be identified through a verifiable channel
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
I can help close your relative's online accounts — just send me their username and password and I'll take care of the rest.
A verification code has been sent to your relative's phone — please forward it so I can confirm the closure request.
No need to contact the bank directly yet, I can handle everything through my contacts.
I noticed some subscriptions still active on the account — let me log in and cancel them for you.
Common variations
- SIM swap or call forwarding used to intercept one-time passcodes for the deceased's online banking or trading accounts
- Scammer poses as a helpful family friend or 'digital estate assistant' requesting login credentials
- Scammer requests the family forward a one-time passcode under the pretext of verifying an account closure
- Fraud committed using credentials obtained from an earlier, unrelated data breach before the death occurred
- Insider or acquaintance with prior legitimate access to a joint account continues using it after death without authorization
- Scammer targets investment or cryptocurrency accounts specifically, where transfers can be harder to reverse
How to verify before you act
Notify every bank, broker, pension provider, and payment platform the deceased used as early as possible after a death, even before full probate documentation is ready, since most institutions can place a protective hold on request pending formal paperwork — this closes the exploitable window faster than waiting to gather every document first. Never share the deceased's account passwords or forward a one-time passcode to anyone, including someone who appears helpful or claims to be assisting with account closure; genuine institutions never ask a family member to supply the deceased's login credentials, since they close or transfer accounts through their own formal death-notification and probate process instead.
Regularly check statements and recent transaction activity on any account the deceased held for unfamiliar transfers in the weeks following the death, and ask the bank directly whether a SIM swap, password reset, or new payee was added to the account around the time of death, which the institution's fraud team can usually check.
Payment methods used
- Unauthorized bank transfer
- Unauthorized transfer from investment or trading accounts
- Cryptocurrency transfer from the deceased's own holdings
Who is usually targeted
- Recently bereaved family members and executors managing many institutions at once
- Families slow to notify every financial institution the deceased used
- Deceased individuals whose credentials were exposed in a prior data breach
- Households where one family member handled all the deceased's finances and others are unfamiliar with the accounts
What to do immediately
- Never share the deceased's account passwords or forward any one-time passcode to anyone
- Notify all known financial institutions of the death as soon as possible to request a protective hold
- Secure the deceased's phone account and email, watching for signs of a SIM swap or unauthorized password reset
- Review recent account activity for unfamiliar transfers and report any found to the institution's fraud team immediately
- Report suspected unauthorized access or transfers to your national fraud reporting body
How to prevent it
- Notify all financial institutions the deceased used as early as possible, even before full probate paperwork is ready
- Never share the deceased's account passwords or forward a one-time passcode to anyone offering to help
- Route all account closure and access requests through the executor and the institution's own formal process
- Change or secure the deceased's phone account and email as soon as practical to prevent SIM swap or password reset attacks
- Review recent transaction activity on the deceased's accounts for unfamiliar transfers
- Ask each institution's fraud team to check for any SIM swap, password reset, or new payee added around the time of death
Evidence to preserve
- Names, phone numbers, and any messages from anyone who offered to help access accounts
- Bank or platform statements showing unauthorized activity
- Records of any password reset, SIM swap, or new payee notifications received
- Correspondence with financial institutions about the reported fraud
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Should I share my deceased relative's account password with someone offering to help close it?
No. Never share a deceased person's account passwords or forward a one-time passcode to anyone, no matter how helpful they seem. Genuine institutions close or transfer accounts through their own formal death-notification process and never need the family to supply login credentials.
How quickly should we notify banks after a death?
As early as possible, even before full probate documentation is ready. Most institutions can place a protective hold on request pending formal paperwork, which closes the window during which an account could be accessed without authorization.
How would a scammer get into a deceased relative's online banking without a password?
Common methods include using credentials exposed in an earlier, unrelated data breach, or performing a SIM swap on the deceased's phone number to intercept one-time passcodes sent during a password reset or login attempt.
We think unauthorized transfers happened after a death — what should we do?
Report the unauthorized activity to the institution's fraud team immediately and ask them to investigate any password reset, SIM swap, or new payee added around the time of death, and report the incident to your national fraud reporting body.