In his line of work, funeral home director Brian Bass has come to expect the occasional juvenile phone prank.
But the hoax recently perpetrated on the small-town Eubank Funeral Home where Bass works is bigger than any adolescent antics. Cybercriminals hijacked the funeral home’s identity as part of a worldwide email phishing scam.
For the past month, inboxes across the United States and beyond have been getting funeral notices that appear to be from Eubank Funeral Home in Canton, Texas, 60 miles east of Dallas.
Without saying who has died, the fake emails invite the recipient to an upcoming “celebration of your friend’s life service” and instruct the recipient to click a link for “more detailed information about the farewell ceremony.”
“It reaches to people's curiosity and their natural instinct to find out who passed away,” Bass told Yahoo News.
But instead of going to Eubank’s website, the Better Business Bureau says, the link in the email takes readers to a foreign domain where malicious software is downloaded onto the user’s computer allowing criminals access to passwords, financial records, and other personal information stored on the computer.
“This scam email, disguised as a funeral notification, reaches a new low,” the Better Business Bureau said in a nationwide warning last week. “Scammers are always on the hunt for new ways to evade the delete button.”
It’s unknown how many people have fallen victim to the hoax, but Bass said Eubank Funeral Home has received 50 to 100 complaints a day since mid-January. Calls and emails have come from as far away as Finland and South Korea.
“We filed a police report and our security people are in touch with the government, but nobody can stop it yet,” Bass said.
The ordeal forced the funeral home, which has been in business for 88 years, to remove its phone number from its website and post disclaimers and warnings about the scam.
“It's not really the way your company wants to be known,” Bass said. “It has taken away time we need to help families.”
The fraud comes at a time when many funeral homes are trying to meet a growing demand to deliver information via social media and digital channels. Eubank sends death notices only to email subscribers and always includes the name of the deceased.
“A lot of our subscribers are retirees ... they kind of want to see if people they grew up with have passed away,” Bass said.
Last year the Anti-Phishing Working Group, a coalition of cybercrime watchdogs, noted that a record-high 441 business brands were hijacked in April 2013 and that “the landscape continues to evolve as fraudsters seek new victims in untapped markets by targeting more brands.”
In its warning, the Better Business Bureau urged consumers to remain vigilant because the hackers will likely clone another funeral home’s identity before long.
“These kinds of things piss me off,” said Bill Harasym, a Wyoming man who got one of the emails on Jan. 15, just six weeks after he buried his mother.
Some Web sleuthing verified Harasym’s suspicions that the email was a fake. He then alerted Eubank Funeral Home and wrote about his experience on his personal blog to warn others about the cons.
“They're just dirtbags,” he told Yahoo News. “There's a special place in hell for them.”
Follow Jason Sickles on Twitter (@jasonsickles).
More consumer news coverage from Yahoo News:
- Death & Funeral
- Family & Relationships
- Brian Bass
- Better Business Bureau