There seem to be endless variations on phishing scams, but the goal is always the same: to convince victims to click on a link that takes them to a different website than they were expecting. Sometimes that website is designed to harvest personal financial information, sometimes it is set up to infect victim computers with malicious software, and sometimes it does both.
One variation is the fake funeral notification. A message with the subject line “Funeral notification” will appear to come from a funeral home, informing the recipient of the death of a friend and instructing him or her to click a link for visitation times or other information. If the link is clicked, the victim is directed to a website that attempts to install malware.
If you get such an email out of the blue, do not click any links. If you think it might be real, do a web search for the contact information of the funeral home the email appears to come from, and call them to find out if they sent the notification. Don’t call any phone numbers from the email itself.
There are other ways to spot this scam up front, though. If it does not contain the name of the deceased, and instead only refers to “your friend,” that’s a sign that it’s a generic email being sent to lots of people. Also, how would a funeral home have a list of a deceased person’s email contacts in the first place? They might publish a notification on their website, or publish viewing times in the local newspaper, but for the most part it’s up to the family and/or friends of the departed to contact individual people.