E-mailed death notice is a hacking scam
The e-mail delivers a visceral blow. It’s from a funeral home, informing you of the death of a beloved friend and providing information on the memorial service.
It’s a fake. The only “death notice” the e-mail brings is to the computer and the privacy of the personal information belonging to anyone who clicks on the purported link to a funeral invitation.
Consumers across the country are receiving e-mails as part of a sophisticated phishing scam that uses the address, phone numbers and letterhead of a real funeral home in Florida to install malware on computers and steal personal information.
“We would like to express our deepest sorrow for the untimely death of your beloved friend and inform you about the life service celebration that will take place,” according to e-mails received by Valley residents this week. “Please follow this link to get funeral invitation. Please be there to honor the memory of your friend with her closest people.”
The e-mail includes the date of the supposed service and a message of condolence from an assistant at the Hubbell Funeral Home and Crematory in Belleair Bluffs, Fla.
Hubbell employees said Friday that since the e-mails surfaced about two weeks ago, they’ve received inquiries from thousands of people as far away as London — and even from soldiers stationed in Afghanistan.
“I think everybody knows somebody who lives in Florida,” funeral home owner Gerald Hubbell said. “We took about a thousand calls on the first day. It’s been more of the same ever since.”
Hubbell said the e-mails have disrupted business and led the funeral home to establish a recorded voice mail warning consumers. Receptionists are answering phones with the question: “Are you calling about the e-mail?”
He said the initial e-mails came with a notice that the funeral service would take place Feb. 13, leading him to believe the situation would end then.
“I thought it would slow down,” Hubbelll said. “Then they put out another notice two days later and another one two days later ... I was shocked.”
Hubbell, whose slogan “simply compassionate” is used on the bogus emails, does not send out e-mail death notifications.
“We would never e-mail a notification,” Hubbell said, adding on rare occasions when he has to make a telephone notifications he is careful to CALL 12 FOR ACTION leave messages asking only for a returned call.
Hubbell said he has no idea what list is being used to generate the e-mails, or to select who receives them. He said the information did not come from the company’s databases. He said authorities were notified and are investigating the situation.
“We’ve also heard from a funeral home in Texas and Ohio where this happened a few weeks ago,” he said. “We’ve weathered it pretty well. We have changed how we are doing business.”
The use of Hubbell’s website and phone numbers is evidence of how far hackers are willing to go to sneak under the defenses of consumers who are becoming more wary of identity thefts and taking steps to protect themselves.
Consumers might not open the email at first glance, but a quick Internet search would show that the email appears to come from a legitimate source with the same contact information and appearance.
The Federal Trade Commission this month warned about the scam.
“Scam artists are forever trying to trick people into clicking on links that will download malware to their computers. But the latest scam takes the trick to a new low,” according to an FTC advisory.
The link on the death notice takes consumers to a foreign domain where malicious software is downloaded. It takes only seconds for a computer to be compromised, and clicking on the link is enough to expose most computers.
Malware can include viruses and spyware designed to damage computers and record keystrokes, capturing passwords and account numbers, credit information and other personal information stored on hard drives.
Hubbell, who is also part owner of a software-development company, said he doubts the hackers will be caught. He said the steps they take to mask their origins are complex and could lead to anywhere in the world.
“Is there any hope of finding these guys? Nothing would please me more,” he said. Problem with a business? Call us. Our trained volunteers take phone calls from 11 a.m. to 1 p.m. Mondays through Fridays at 602-2601212. Or you can submit your complaint online at call12.azcentral.com. Call 12 for Action’s consumer-savings total for 2014. Money saved for consumers in 2013: $1,027,915. » Updating security software. » Not clicking on links or opening e-mail attachments from unknown senders. » Downloading software only from trusted websites. » Increasing security settings to detect unauthorized downloads. » Blocking pop-up ads and not responding to ads claiming to detect viruses on computers.
» Regularly backing up data.