The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) has uncovered an international cybercrime operation involving computer-related fraud, phishing, identity theft, malware attacks and impersonation, with Microsoft 365 users across several countries as primary targets.
The development was disclosed in a statement Benjamin Hundeyin, Force Public Relations Officer, Force Headquarters in Abuja.
According to the police, the investigation was triggered by credible intelligence from Microsoft Office, United States, transmitted through the Federal Bureau of Investigation (FBI), indicating the use of a sophisticated phishing toolkit known as Raccoon0365.
Read also: Microsoft bets on skills to position Nigeria for $1.5trn AI opportunity
The toolkit was allegedly deployed to create fake Microsoft login portals designed to harvest users’ credentials and unlawfully access email accounts belonging to corporate organisations, financial institutions and educational establishments.
Following the intelligence, the NPF–NCCC launched a coordinated international operation in collaboration with Microsoft, the FBI and the United States Secret Service.
Investigations revealed that between January and September 2025, multiple cases of unauthorised access to Microsoft 365 accounts were traced to phishing emails crafted to closely resemble legitimate Microsoft login pages.
Police said the compromised accounts were subsequently used for business email compromise, internal phishing attacks, data breaches and other cyber-enabled fraud schemes across different jurisdictions.
“Through extensive digital forensics, technical intelligence analysis and cryptocurrency tracing, investigators identified suspicious digital wallets linked to cash-out schemes associated with the operation.
“Acting on actionable intelligence, NPF–NCCC operatives were deployed to Lagos and Edo states, leading to the arrest of three suspects identified as Joshua, James, and Okitipi Samuel on September 20 and October 4, 2025. Search operations conducted at their residences resulted in the recovery of mobile phones, laptops and other digital exhibits allegedly connected to the cybercrime network.
“Further investigations identified Okitipi Samuel, also known online as “Moses Felix,” as the principal suspect and the developer and operator of the phishing infrastructure”, the Police noted.
Police said he managed a Telegram channel used to sell phishing links in exchange for cryptocurrency and hosted fake Microsoft login pages on Cloudflare using stolen or fraudulently obtained email addresses.
It further noted that investigators also established that the principal suspect unlawfully used the email information of one of the other arrested individuals without consent to register some of the fraudulent accounts linked to the operation.
Blockchain analysis reportedly traced cryptocurrency wallets used in the scheme to Bitnob and Exodus Wallet platforms. The associated Know-Your-Customer (KYC) records identified Okitipi Samuel as the sole beneficiary of the illicit proceeds.
Police said evidence showed that the phishing links generated by the suspect enabled multiple unauthorised intrusions into Microsoft 365 accounts across several countries, leading to financial losses, exposure of sensitive information and widespread business email compromise.
Read also: MTN–Microsoft alliance target digital skills boost for 300m Africans
However, the NPF–NCCC stressed that investigations found no evidence linking Joshua and James to the creation or operation of the Raccoon0365 phishing scheme.
“Instead, their personal information and devices were allegedly exploited without their authorisation by the principal suspect.
“A prima facie case has now been established against Okitipi Samuel for identity theft, unlawful access to computer systems, creation and distribution of malicious software, aiding and abetting fraud, and unauthorised interference with network data”, the statement said.
The Force said that he will be charged under relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024.
The Nigeria Police Force, under the leadership of Kayode Egbetokun, Inspector-General of Police, reaffirmed its commitment to safeguarding Nigeria’s digital ecosystem and protecting citizens, businesses and institutions from emerging cyber threats.
The police also reiterated their resolve to strengthen international cooperation in combating transnational cybercrime and ensuring that perpetrators are brought to justice.
