The day before the second anniversary of her mother's death, Cassie Woods was shopping with her husband, Jarrod, when he decided to check his email on his phone. His eyes widened when he saw a new message in his inbox and he motioned for his wife to come see the email.
"I see my mom's name on [the email] and it has this junk attached to it," Cassie Woods of Stafford, Va., recalled. "I pretty much freaked and cried."
The email account of Woods' late mother, Paula Chase, had been hacked and was sending out spam messages to everyone in her address book, including Woods and her two sisters.
"I was kind of hysterical at that point and then [the email arrived on my] phone and I fell to the floor," she said. "I'm still struggling with [her] death."
Because the hacker had changed the password and security question to her mother's account, Woods and her family immediately called Yahoo to ask them to shut down the account. After many calls, the family was told they needed to fax the death certificate for Paula Chase in order to shut down the account.
As they tried to get the death certificate to the right department, Woods and her family members were subjected to near-daily emails hawking items such as cheap drugs, stay-at-home jobs and male enhancement products, all of them bearing her mother's name.
After numerous calls to Yahoo and an interview on the local television station, the account was finally closed earlier this week, about two months after the first email was sent.
A Yahoo representative who worked with the Woods family was apologetic, but maintained that the steps were taken so that the account could remain secure: "We do need to make sure that people do follow the appropriate steps to ensure that we're closing down the right account."
Woods' ordeal in closing the account is part of a larger problem for families of deceased users.
As companies such as Google, Facebook and Yahoo fret about user privacy concerns, families are finding it surprisingly difficult to delete a person's online presence even if that person is no longer alive.
While Yahoo's policy is to have the death certificate faxed in before shutting an account, other sites are even more stringent about allowing access to a deceased user's account.
A woman in Oregon was incensed recently when Facebook initially refused to shut down her late husband's profile. She did not have his Facebook password, but she submitted his death, birth, and marriage certificates and even a portion of his will to prove he had died.
In that case, it took a month of numerous phone calls and interviews with the media before the profile was deleted.
A representative for Facebook could not comment directly on that case but the online help center explains how to handle deceased users' profiles.
It states that Facebook has a policy to "memorialize" a page for any deceased user, which renders the page private except to family and friends. To request that a page be memorialized, a family member or friend can simply link to an obituary or news article.
To actually delete a profile page, however, a family member or executor must submit proof of their relationship with the deceased before getting further instructions. It's unclear what additional documentation would be required to shut down the profile.