It’s always disturbing.
I understand this would be a deeply disturbing event, regardless of the cause.
Unfortunately, I don’t have much good news. There are things to try and things to understand.
And sadly, some things to prepare for.
Become a Patron of Ask Leo! and go ad-free!
Email from the deceased
Receiving emails from a deceased person’s account can be distressing. This can occur due to a hack or from spam spoofed to appear as if it’s from the deceased. Legality isn’t clear, but you can try contacting the email provider, ideally with a death certificate, to close or secure the account. In the meantime, setting up an email filter to delete the messages might be the most practical solution. It’s also a reminder to arrange emergency access to your own digital world to prevent similar situations in the future.
Accessing the account
I don’t mean to be flippant, but if no one has the password, regaining access is difficult enough when you’re alive.
When any third party attempts to gain control of someone else’s account, alive or dead — if only to close it — account security measures are in place to confirm that they are authorized to do so. Unless arrangements have been made beforehand, those security measures often make it practically impossible to close someone else’s account no matter the reason.
Let’s back up and consider what may have happened.
Potential cause #1: A random hack
It’s certainly possible that the account was hacked, particularly since the email was sent only to people who could be expected to appear in your late friend’s address book.
It’s not uncommon for a spammer who’s hacked an account to immediately use it to send out spam. That spam is generally random, but occasionally they’ll use the account’s address book as a convenient source of known good email addresses.
I’m skeptical, though. This kind of random hack can happen at any time.
The timing of this makes me doubt a random hack.
Potential cause #2: A targeted hack
This is less likely, but as I said, the timing leads me to wonder.
If there’s someone with whom the departed shared his sign-in credentials, that person could be using this as an opportunity.
If someone has a grudge against the deceased or their family, they could take this as an opportunity to proactively try to attempt to hack the account. This is typically more difficult if the account owner isn’t around to, say, fall for a phishing attempt, but it’s still possible.
In general, this also seems unlikely.
Potential cause #3: Random spam
It’s not at all difficult to make spam look like it comes from a specific email address without having direct access to that email address’s account. Spammers do this constantly to avoid being blocked and/or traced back to their source.
Anyone who’s received spam, which is pretty much all of us, can potentially show up in the “From:” address of spam without having done anything wrong or been involved in any way.
Once again, though, the timing is suspect.
Potential cause #4: Targeted spam
If someone has a reason and knows your loved one’s email address, they could certainly craft spam that looks like it came from your departed friend without needing any access to anything at all. As I said above, it’s not difficult at all.
This would simply take motivation and a little bit of technical expertise.
If I had to guess, since this one doesn’t require that anything be compromised, I’d consider this scenario the most likely. But not by a wide margin.
Other clues
You didn’t indicate the nature of the email itself, but I’d see if that could help you can identify who might have sent the message.
If it’s generic body part enhancement, drug availability, dating, or other kinds of things we normally see in spam, then I’d chalk it up to being random spam.
On the other hand, if the message shows knowledge of the situation, your family, or anything else not generally publicly known, this starts to feel like something more personal. (Remember that the fact that someone has died is not inside knowledge. Any information included in, say, an obituary, could be used by someone to target an email.)
Legal?
It’s unclear what is and is not legal in the various scenarios above. If the email you got contains true harassment, threats, attempts to scam you out of money, or other clearly illegal things, then contact your local law enforcement agencies. While they may or may not actually do anything, having that report on file may be helpful should future action be needed.
Closing the account?
I recommend contacting your late friend’s email service provider. Many have policies for scenarios like this. If you can show them a death certificate, they may act more quickly to help.
For example, Facebook has a policy around the death of an account holder and the process used to close or “memorialize” their account.
Remember, though, that these services need to be extra cautious so that people can’t just run around accessing or closing accounts because they claim that the legitimate account holder is dead. Expect this to be a difficult process.
Frustrating, but pragmatic solution
By now, you can probably guess I’m not very hopeful of regaining access to or closing your friend’s account. It’s possible, but in my opinion is unlikely.
I would do this: ignore the email and move on. If you continue to get email from this account, set up an inbox rule or filter in your email program. It will immediately delete these messages when they arrive, so at least you don’t have to see them. I would advise the rest of the family to do the same.
It’s not what we might consider the most just or best solution, but it’s by far the most practical and least time-consuming.
An important lesson
Finally, after things have settled, take a moment to learn something from this.
The fact that no one in this person’s family has access to the account is a problem. We should all take care to entrust someone with emergency access, if for no other reason than to go in and disable or delete the information in the account to prevent situations exactly like this.
Do this
My recommendation is simple: ignore the messages. Set up a filter in your email program to do so automatically if necessary.
Then please consider setting up a plan for yourself so this won’t happen again when your time comes.