When a loved one passes away, there is an enormous amount to manage — funeral arrangements, notifying family and friends, handling financial accounts, and beginning the probate process. What most families don't realize, at least not until it's too late, is that a separate crisis may be quietly unfolding online.

Deceased individuals' digital accounts — email, social media, online banking portals, subscription services, and more — often sit idle for weeks or months before anyone thinks to close or secure them. During that window, bad actors are actively looking to exploit the gap between a person's death and the moment their digital life is officially shuttered. The result can be devastating: financial losses, identity theft, and a painful violation of a family's grief.

The good news is that with proper digital estate planning, this risk is largely preventable. Here's what every Pennsylvania family should know.

The Window of Vulnerability

When someone dies, it typically takes days — sometimes weeks — for word to spread beyond the immediate family. During that time, the deceased's email address, social media profiles, and online financial accounts remain active and accessible to anyone who has the credentials.

Fraudsters know this. They also know that the social circle of the deceased may not immediately recognize that something is wrong when they receive a message appearing to come from that person's account. Common schemes during this period include:

• Phishing messages sent from a deceased person's compromised email account to their contacts, requesting wire transfers, gift cards, or personal information

• Fake "final wish" requests on social media, asking friends and family to donate to fraudulent fundraisers

• Takeover of payment-linked accounts such as PayPal, Venmo, or Zelle to redirect funds

• Use of stolen identity information to open new lines of credit in the deceased's name

Because the messages appear to come from a trusted source — someone the recipient knew personally — these scams carry an unusually high success rate.

Why Grieving Families Are Caught Off Guard

Most people, when they think about estate planning, focus on the distribution of physical and financial assets — the house, the investment accounts, the retirement funds. Digital accounts rarely enter the conversation, even though they may be linked directly to those financial assets or may contain sensitive personal information that could be exploited.

There is also a practical challenge: even when a family wants to close or secure a deceased person's online accounts, they may have no idea where to start. Without a record of what accounts existed or how to access them, families often find themselves:

• Unable to log in to accounts because they don't have passwords or two-factor authentication access

• Navigating complicated and slow platform-specific memorialization or removal processes

• Discovering accounts they didn't know existed only after fraud has already occurred

The absence of a digital estate plan doesn't just create administrative headaches — it creates a security vacuum.

Pennsylvania Law and Your Digital Assets

Pennsylvania has adopted the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), which gives executors and other fiduciaries the legal authority to access and manage certain digital assets of a deceased person. However, that legal authority is only part of the picture.

Even with legal authority, executors face practical barriers. Many major platforms — Google, Meta (Facebook/Instagram), Apple, and others — have their own internal processes for honoring fiduciary requests, and those processes can be slow and inconsistent. Without advance planning, an executor may have legal rights on paper but still spend months trying to get a platform to act.

Critically, RUFADAA also respects the wishes expressed by the account holder through platform tools — such as Google's Inactive Account Manager or Facebook's Legacy Contact feature — or through a properly drafted estate plan. This means that the most effective protection comes not just from having the legal framework, but from using it proactively.

What a Digital Estate Plan Should Include

A thoughtful digital estate plan does not require putting passwords in a will (which becomes a public document through the probate process). Instead, it typically involves several coordinated components:

A Digital Asset Inventory

A private, secure record of accounts, usernames, and access credentials, stored separately from the will and updated regularly

A Digital Executor Designation

A named individual authorized to manage and close digital accounts, ideally someone with both the trust of the family and sufficient technical comfort to navigate the process

Written Instructions

A letter of direction that tells the digital executor what to do with each type of account: which to memorialize, which to delete, which to transfer, and in what order

Use of Built-In Platform Tools

activating features like Google's Inactive Account Manager or Apple's Digital Legacy Program before death, so the platform itself is primed to act

Coordination with your Estate Planning Attorney

to ensure the digital plan is properly referenced in your will and power of attorney documents so your fiduciaries have the clearest possible authority

Acting Quickly After a Death Matters

For families who are dealing with a loss right now and did not have a digital estate plan in place, speed matters. There are several immediate steps that can reduce exposure:

• Contact the deceased's email provider and major social media platforms as soon as possible to begin the account memorialization or removal process

  
  

• Notify financial institutions of the death promptly, so that accounts can be flagged and monitored for unauthorized activity

  
  

• Alert the deceased's close contacts — particularly those who were frequently in communication — so they can be on guard for suspicious messages purportedly from the deceased

  
  

• Request a credit freeze with the major credit reporting bureaus to prevent new accounts from being opened in the deceased's name

  
  

• These steps won't undo a digital estate plan that was never created, but they can meaningfully reduce the window of exposure.

Don't Leave Your Digital Life Unplanned

Estate planning has always been about protecting the people you love from unnecessary hardship at the most difficult moments of their lives. Your digital life is now too large and too interconnected with your financial life to leave out of that plan.

At Fiffik Law Group, PC, we work with Pennsylvania families to build comprehensive estate plans that address both traditional and digital assets — including the practical steps needed to protect your online identity after you're gone. If you have questions about digital estate planning or would like to discuss your situation with one of our attorneys, we encourage you to contact us.