Los Angeles – Amir Hossein Golshan, 24, confessed in federal court today to a sophisticated scheme that bilked hundreds of Instagram users out of an estimated $740,000. Golshan didn’t rely on brute force; he exploited vulnerabilities in cellular security and social media verification to hijack accounts and drain victims’ digital wallets. The feds say Golshan’s reign of digital theft spanned nearly four years, from April 2019 to February 2023.
The core of Golshan’s operation was “SIM swapping” – a disturbingly simple technique where he tricked mobile carriers into transferring a victim’s phone number to a SIM card he controlled. This allowed him to bypass two-factor authentication, the very security measure designed to protect accounts. Once he had control of the phone number, access to Instagram and iCloud accounts was often just a matter of resetting passwords.
Golshan didn’t stop at account access. He targeted social media influencers and their networks, posing as a trusted contact to solicit money via Zelle, PayPal, and other payment apps. He also brazenly impersonated Apple Support, convincing victims to hand over iCloud credentials, opening the door to the theft of valuable NFTs and cryptocurrency. The scheme was multi-layered, preying on both trust and technological loopholes.
Prosecutors detailed how Golshan actively advertised fraudulent Instagram services, luring victims with promises of boosted followers or engagement. These were, of course, nonexistent. Victims paid for services they never received, adding another layer to the financial damage. The feds believe Golshan meticulously tracked targets, identifying those with significant digital assets and a willingness to engage online.
Golshan pleaded guilty to one count each of unauthorized computer access, wire fraud, and accessing a computer to defraud. He now faces a potential 20-year federal prison sentence. The FBI led the investigation, highlighting the growing threat of SIM swapping and account takeover schemes. Federal prosecutors are pushing for a sentence that reflects the scale and sophistication of Golshan’s criminal enterprise.
This case serves as a stark warning: two-factor authentication, while helpful, isn’t foolproof. Victims must remain vigilant about unsolicited requests for personal information, especially those claiming to be from tech support. The feds are urging anyone who believes they were targeted by Golshan to contact the FBI’s Internet Crime Complaint Center (IC3). This isn’t just about money; it’s about the erosion of trust in the digital world.
🔒 Get the grimiest stories delivered weekly.
Subscribe free →
Browse More