SIM swapper gets 8 years in prison for account hacks, crypto theft

Amir Hossein Golshan, 25, was sentenced in Los Angeles District Court to eight years in prison and ordered to pay $1.2 million in restitution for charges including SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft. On July 19, 2023, Mr. Golshan pleaded guilty to hijacking the Instagram account of a prominent social media influencer. He also confessed that he carried out a series of schemes from April 2019 to February 2023. “From at least April 2019 to February 2023, Golshan engaged in numerous online scams and compromised digital accounts of his victims, including the takeover of social media accounts, mobile payment fraud, and Apple support impersonation. Knowingly executed multiple online schemes to defraud over 100 victims,” the U.S. Department of Justice statement said. “Golshan’s entire scheme resulted in losses totaling approximately $740,000 to hundreds of victims over several years.” Mr. Golshan attempted to hide his identity by using virtual private network (VPN) tools and multiple account names. Over time, he reportedly honed his skills in organizing increasingly sophisticated online crimes.

Through social engineering, Mr. Golshan convinced wireless carriers such as T-Mobile to transfer the mobile phone numbers of authorized subscribers to his own SIM card. This allowed him to bypass the victims' SMS-based two-factor authentication (2FA) and take over their social media accounts. In a high-profile incident in December 2021, he hijacked a Los Angeles-based model’s Instagram account through a SIM swap after contacting her through her friend’s hijacked account. He then abused his access to the account and used it to send messages to numerous friends of hers, asking them to send money to a Zelle account that he controlled and to his PayPal account.

Additionally, Golshan blackmailed the model for $2,000 and threatened to delete her hijacked social media accounts. In other cases, Golshan promoted Instagram verification services and tricked victims into transferring $300 to $500 in exchange for a verification badge on their accounts. It is estimated that Golshan made over $82,000 from approximately 500 victims through the scheme described above. Then, in August 2022, this prolific scammer posed as an Apple support representative and gained unauthorized access to victims' Apple iCloud accounts. He tricked his victims into sharing their six-digit security codes, making them think he was improving the security of their accounts.

This allowed the scammer to bypass existing protections. By accessing other people’s iCloud storage, Golshan was able to steal digital assets, including $319,000 worth of NFTs and $70,000 worth of cryptocurrencies. The scammer resold these assets on an NFT marketplace for $130,000 within 24 hours.

To protect yourself from SIM swapping attacks, enable number porting security with your carrier, use physical security keys or authenticator apps instead of SMS, and limit the sensitive information you share online. The Federal Communications Commission (FCC) recently adopted new rules to protect consumers from SIM-swapping attacks and make unauthorized number transfers more difficult.

