By Nkechi Eze
The Nigeria Police Force has recorded a major breakthrough in the fight against cybercrime with the arrest of high-profile internet fraud suspects linked to coordinated cyberattacks on Microsoft 365 email systems used by major corporate organisations.
The arrests were carried out by operatives of the Nigeria Police Force National Cybercrime Centre, NPF–NCCC, following intelligence-driven investigations into targeted phishing and malware attacks designed to compromise corporate email platforms. The development was disclosed in an official statement signed by the Force Public Relations Officer, CSP Benjamin Hundeyin.
According to the statement, the operation was triggered by credible and actionable intelligence received from Microsoft Corporation in the United States, transmitted through the Federal Bureau of Investigation, FBI. The intelligence exposed the deployment of a sophisticated phishing toolkit known as RaccoonO365, which was used to generate fake Microsoft login portals aimed at harvesting user credentials and unlawfully accessing email systems belonging to corporate, financial, and educational institutions.
Acting swiftly on the intelligence, the NPF–NCCC launched a coordinated operation in close collaboration with Microsoft, the FBI, and the United States Secret Service. Investigations revealed that between January and September 2025, multiple cases of unauthorised access to Microsoft 365 accounts were traced to phishing emails carefully designed to closely mimic legitimate Microsoft authentication pages. These cyber intrusions reportedly resulted in business email compromise, data breaches, and significant financial losses across several jurisdictions.
Based on precise intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, where three suspects were arrested. Searches conducted at their residences led to the recovery of laptops, mobile phones, and other digital devices. Subsequent forensic analysis linked the recovered equipment to the fraudulent cyber activities.
Further investigation identified Okitipi Samuel, also known by the aliases “RaccoonO365” and “Moses Felix,” as the principal suspect and alleged developer of the phishing infrastructure. Police investigations revealed that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency, while fraudulent Microsoft login portals were hosted on Cloudflare using stolen or fraudulently obtained email credentials.
The police clarified that ongoing investigations have so far found no evidence linking the two other arrested individuals to the creation or direct operation of the phishing toolkit, although inquiries into their specific roles continue.
The Nigeria Police Force reaffirmed its commitment to protecting Nigeria’s digital ecosystem, stressing that the success of the operation underscores the importance of advanced technology, strong international partnerships, and meticulous investigative and prosecutorial processes in countering increasingly sophisticated cyber threats.
The Force assured the public that efforts to dismantle cybercrime networks and bring perpetrators to justice would continue, in line with its mandate to safeguard national and global digital security.
