Reported by: Oahimire Omone Precious | Edited by: Gabriel Osa
In a major international cybercrime crackdown, the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) has arrested high-profile suspects linked to a sophisticated phishing operation that targeted Microsoft 365 email systems used by corporate, financial, and educational organisations in Nigeria and beyond. The operation, announced on 18 December 2025, was conducted in collaboration with global partners including Microsoft Corporation, the United States Federal Bureau of Investigation (FBI) and the United States Secret Service, underscoring growing international cooperation against transnational cyber threats.
Police say the breakthrough followed credible and actionable intelligence from Microsoft via the FBI, which exposed the use of a highly advanced phishing toolkit known as RaccoonO365. The malicious toolkit was designed to deploy fraudulent Microsoft login portals that closely mimicked legitimate authentication pages, tricking unsuspecting users into submitting their credentials. Once harvested, these credentials were used to gain unauthorised access to corporate email accounts, enabling business email compromise, data breaches and significant financial losses across multiple jurisdictions.
According to the official statement delivered by Chief Superintendent of Police Benjamin Hundeyin, Force Public Relations Officer for the Nigeria Police Force, the NPF–NCCC initiated a coordinated, intelligence-driven operation after identifying multiple instances of unauthorised Microsoft 365 account access between January and September 2025. Investigators traced these intrusions back to phishing emails crafted to appear as genuine Microsoft communications, a tactic increasingly favoured by sophisticated cybercriminals to bypass security defences.
Acting on the intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, where a series of arrests were carried out. Three suspects were taken into custody during targeted operations, and digital devices including laptops and mobile phones were seized from their residences. Forensic analysis has linked the recovered equipment to the phishing scheme, providing crucial evidence of the suspects’ involvement.
Further investigations identified Okitipi Samuel, also known by aliases including “RaccoonO365” and “Moses Felix,” as the principal suspect and alleged developer of the RaccoonO365 phishing infrastructure. Police allege that Samuel operated a Telegram channel through which phishing links were marketed and sold in exchange for cryptocurrency, allowing other cybercriminals to take part in the operation. The fraudulent login portals were reportedly hosted using services like Cloudflare, leveraging stolen or fraudulently obtained email credentials.
Officials noted that there is currently no evidence linking the other two arrested individuals to the creation or operation of the phishing toolkit itself, suggesting they may have been unwittingly implicated or that further investigation is necessary to clarify their roles.
The success of the operation highlights the escalating threat posed by cybercrime syndicates, particularly those that exploit trusted digital platforms and multinational software ecosystems to mislead users and infiltrate corporate environments. Analysts say that business email compromise and credential theft remain among the most financially damaging forms of cybercrime, with phishing kits like RaccoonO365 significantly lowering the technical barriers for criminals to execute large-scale attacks.
In response to the arrests, the Nigeria Police Force reaffirmed its commitment to safeguarding the nation’s digital space, pledging to deploy advanced technology, deepen international collaboration and enhance investigative and prosecutorial capabilities to counter evolving cyber threats. Authorities emphasised that this case represents a strategic law enforcement response not only to a domestic security challenge but to a global cybercrime network with far-reaching impacts.
The joint action also reflects a shift in how national enforcement agencies are tackling complex cyber-enabled fraud: by sharing intelligence, utilising digital forensics and coordinating cross-border operations that disrupt criminal infrastructure and bring perpetrators to justice. As cybercrime continues to adapt, security experts say such cooperation will be crucial for protecting digital economies and institutional networks from increasingly resilient criminal enterprises.
📩 Stone Reporters News | 🌍 stonereportersnews.com
✉️ info@stonereportersnews.com | 📘 Facebook: Stone Reporters | 🐦 X (Twitter): @StoneReportNew | 📸 Instagram: @stonereportersnews
Add comment
Comments