The Nigeria Police Force has made a significant breakthrough in combating cybercrime with the arrest of a key suspect linked to a sophisticated phishing attack targeting Microsoft's global database.
International Collaboration Leads to Arrest
The Force Public Relations Officer, CSP Benjamin Hundeyin, announced the arrest in Abuja on Thursday, December 18, 2025. The operation was spearheaded by the National Cybercrime Centre of the Nigeria Police Force under its Director, Commissioner of Police Ifeanyi Uche.
Investigations were a collaborative effort involving Microsoft, the United States Federal Bureau of Investigation (FBI), the United States Secret Service, and the United Kingdom’s National Crime Agency. The probe began after Microsoft USA provided credible intelligence via the FBI about a malicious phishing toolkit in circulation.
Unmasking the 'Raccoon 0365' Operation
The toolkit, identified as “Raccoon 0365,” was used to create counterfeit Microsoft login portals. These fake pages were designed to harvest user credentials, leading to the unlawful access of email accounts belonging to corporate organisations, financial institutions, and educational establishments across several countries.
Between January and September 2025, a series of unauthorized access incidents to Microsoft 365 accounts were traced back to these phishing emails. The scam enabled business email compromise, internal phishing campaigns, data breaches, and other forms of cyber-enabled fraud.
Through digital forensic analysis and cryptocurrency tracing, police identified wallets connected to the illegal cash-out schemes. This actionable intelligence led to the deployment of operatives to Lagos and Edo states.
The Arrests and the Mastermind
Between September 20 and October 4, 2025, three individuals were apprehended: Joshua, James, and Okitipi Samuel. Searches at their residences yielded mobile devices, laptops, and other digital evidence linked to the fraud.
Further investigation exonerated Joshua and James. “There was no evidence linking them to the creation or operation of the phishing scheme. They were victims of identity theft,” Hundeyin clarified. Their identities were used without consent to register accounts for the operation.
The focus shifted to Okitipi Samuel, also known as “0365” and Moses Felix, who was identified as the primary suspect and developer of the phishing infrastructure. Investigations revealed he managed a Telegram channel to sell phishing links for cryptocurrency and hosted the fake login pages on Cloudflare using stolen or fraudulently obtained email addresses.
A prima facie case has been established against Samuel for multiple offences, including:
- Identity theft
- Unlawful access to computer systems
- Creation and distribution of malicious software
- Unauthorised interference with network data
- Aiding and abetting fraud
He will be charged under the relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024. The police confirmed the suspect will be prosecuted in Nigeria, asserting the country's capacity to enforce its cybercrime laws, though extradition remains an option if formally requested through due process.
A Call for Public Vigilance
CSP Hundeyin assured Nigerians that the police, under Inspector-General of Police Kayode Egbetokun, remain committed to safeguarding the nation's digital ecosystem. He urged citizens to practice good cyber hygiene.
Echoing this sentiment, the Director of the National Cybercrime Centre, CP Ifeanyi Uche, advised the public to exercise extreme caution online. He warned against clicking on links from unknown or unexpected sources, as they often contain malware or phishing tools.
“Indiscriminate clicking of links or responding to unsolicited emails could lead to unauthorised access to personal and corporate accounts,” Uche stated, urging citizens to “wash their cyber hands” by verifying sources before taking any action online.
