'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M

A Los Angeles man has been jailed after pulling off SIM-swap attacks on victims, hijacking social media accounts, committing fraud with Zelle payments, and impersonating Apple support.

Amir Hossein Golshan, 25, described in court documents as a "serial cybercriminal and scammer," was sentenced to eight years in prison by a California federal court on Monday, and ordered to pay $1,218,526 in restitution. 

In July he pleaded guilty [PDF] to one count of unauthorized access to a protected computer to obtain information, one count of wire fraud, and one count of accessing a computer to defraud and obtain value.

Between April 2019 and February 2023, Golshan defrauded "hundreds" of people via various online scams and digital account thefts, according to prosecutors. Over the nearly four-year period, he stole about $740,000 from more than 500 people, the Feds said.

"For years, he lied, stole, scammed, extorted, blackmailed, and victimized hundreds of people," prosecutors wrote in a sentencing memo [PDF] filed with the courts last week. "He attacked people where they felt safe, usually at their homes, and he did it not with a gun or knife, but the tools of a modern cybercriminal, a computer, cellphone, and network connection."

Golshan "started out simple" with Zelle merchant fraud. This included offering phony services on Instagram: taking people's money ostensibly to perform some kind of work, and in actuality giving nothing in return. In one instance he told a victim that he could provide a verified Instagram badge for that person's teenage daughter in exchange for $300, sent via Zelle. No such badge was arranged.

Golshan then moved on to SIM swapping – in which the crook manages by social engineering or some other scheme to transfer a victim's phone number to the criminal's SIM, allowing passwords to be reset and social media accounts to be hijacked and misused for more fraud. The complaint [PDF] against Golshan details several of these SIM-swap victims interviewed by the FBI, one of which was an LA-based model and social media influencer with over 150,000 followers on Instagram.

After Golshan tricked her into giving him her phone number by posing as a friend on Instagram, he convinced a T-Mobile US employee to transfer her phone number to a SIM card he controlled. He then took over her Instagram account and requested her friends send him money through Zelle, PayPal, and other online payment platforms. 

Meanwhile, Golshan sent the victim messages on WhatsApp demanding $2,000 for the return of her accounts and threatening to delete her profiles if she did not pay him.

"Between defendant's Zelle merchant fraud and SIM swapping/social media account takeovers, defendant fraudulently induced approximately $82,000 in payments from approximately 500 victims, usually in increments of $300 to $500 per victim," the court documents stated.

• Look out, Scattered Spider. FBI pumps 'significant' resources into snaring data-theft crew
• Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data
• Florida man jailed after draining $1M from victims in crypto SIM swap attacks
• Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI

In the months leading up to his arrest, Golshan moved into more lucrative cybercrimes, according to the Feds, including impersonating Apple Support personnel to gain unauthorized access to several victims' Apple iCloud accounts. Once in, he plundered marks' digital wallets for NFTs, cryptocurrency, and other digital properties, defrauding five interviewed victims of amounts between $2,000 and $389,000 each.

Between the SIM swapping, social engineering, and support-desk scams it all sounds very Scattered Spider-esque.

"Defendant's crimes demonstrate an utter lack of respect for the law and basic human dignity," prosecutors said in court documents. "He showed little remorse for his victims or being caught during his years of crime, believing that he could hide behind the anonymity of online screennames or VPNs, and that his victims — who were on the other side of the computer — would never find him." ®