Linus Aleke in Abuja
The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations.
The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation in the United States, conveyed through the Federal Bureau of Investigation (FBI).
The intelligence exposed the deployment of a sophisticated phishing toolkit, known as RaccoonO365, designed to compromise Microsoft email accounts.
Addressing journalists in Abuja, the Force Public Relations Officer, CSP Benjamin Hundeyin, explained that the toolkit was used to create fake Microsoft login portals that closely mimicked legitimate authentication pages.
Unsuspecting users were deceived into entering their credentials, which were then harvested and used to gain unauthorised access to corporate, financial and educational email systems.
According to him, the intelligence prompted a coordinated operation by the NPF–NCCC in collaboration with Microsoft, the FBI and the United States Secret Service.
“Investigations revealed that between January and September 2025, multiple organisations across different jurisdictions suffered unauthorised access to their Microsoft 365 accounts through phishing emails. These attacks led to business email compromise, data breaches and significant financial losses.
Acting on precise operational intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, where three suspects were arrested. Searches conducted at their residences led to the recovery of laptops, mobile phones and other digital devices. Subsequent forensic analysis linked the recovered items to the cyber fraud operation.
Further investigation identified Okitipi Samuel, also known by the aliases “RaccoonO365” and “Moses Felix,” as the principal suspect and the developer of the phishing infrastructure. Police findings indicate that he operated a Telegram channel through which phishing links were marketed and sold in exchange for cryptocurrency. The fraudulent Microsoft login portals were reportedly hosted on Cloudflare using stolen or fraudulently obtained email credentials,” he revealed.
The police, he added clarified that investigations so far have found no evidence connecting the two other arrested individuals to the development or management of the phishing infrastructure.
Reaffirming its commitment to protecting Nigeria’s digital ecosystem, the Nigeria Police Force said it would continue to deploy advanced technological tools, deepen international cooperation and strengthen investigative and prosecutorial efforts to effectively counter emerging and evolving cyber threats.
