The Nigeria Police Force has announced the arrest of three individuals suspected of being involved in a sophisticated phishing operation targeting Microsoft 365 users across multiple countries.
Officials said the arrest by the Nigeria Police National Cyber Crime Center (NPF-NCCC) was based on information shared by Microsoft in the United States through the Federal Bureau of Investigation (FBI).
According to police, the operation revolves around a malicious phishing toolkit known as Raccoon365, which is used to create fake Microsoft login portals aimed at harvesting email credentials belonging to businesses, financial institutions, and educational institutions.
“This toolkit was designed to create fraudulent Microsoft login portals intended to collect user credentials and illegally access email platforms of businesses, financial institutions, and educational institutions,” police said in a statement.
According to the NPF-NCCC, reports received from January to September 2025 have linked multiple cases of unauthorized access to Microsoft 365 accounts to phishing emails created to mimic legitimate Microsoft login pages.
“These activities enabled business email compromise, internal phishing, data breaches, and other forms of cybercrime,” police added.
In collaboration with Microsoft, the FBI, and the U.S. Secret Intelligence Service, NPF-NCCC operatives carried out coordinated raids in Lagos and Edo States. The operation resulted in the arrest of Okitipi Samuel, also known as “Raccoon0365” and “Moses Felix”, and two other suspects identified as Joshua and James.
A search conducted at the suspect’s residence resulted in the recovery of a laptop, mobile phone, and other digital devices believed to be related to the phishing scam.
Investigators identified Samuel as the primary suspect and the alleged developer of the phishing infrastructure. Police say the suspect runs a Telegram channel where phishing links are sold in exchange for cryptocurrency and hosts fraudulent Microsoft login pages on Cloudflare using stolen or fraudulently obtained email accounts.
Blockchain analysis reportedly links digital wallets associated with the operation to Bitnob and Exodus Wallet, and identifies Samuel as the sole beneficiary of the proceeds.
Authorities say other suspects’ personal information and digital devices were misused without their knowledge or consent.
Samuel currently faces multiple charges under Nigeria’s Cyber Crimes (Prohibition, Prevention, etc.) Act 2024, including identity theft, unlawful access to computer systems, creation and distribution of malicious software, aiding and abetting fraud, and unauthorized interference with network data.
The Nigeria Police Force says the arrests confirm the force’s determination to protect the country’s digital environment.
“The Nigeria Police Force reiterates its unwavering commitment to safeguard Nigeria’s digital ecosystem and protect its people, businesses and institutions from emerging cyber threats,” the statement added.
