The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has begun an investigation into a major international cybercrime case involving computer-related fraud, phishing, identity theft, malware attacks, and impersonation, targeting Microsoft 365 users across multiple countries.
The investigation followed credible intelligence received from Microsoft Office USA through the Federal Bureau of Investigation (FBI), indicating that a malicious phishing toolkit known as Raccoon365 was being used to create fake Microsoft login portals, harvest user credentials, and unlawfully access the email accounts of corporate organisations, financial institutions, and educational establishments.
The NPF-NCCC initiated a coordinated operation with Microsoft, the FBI, and the United States Secret Service.
Force public relations officer, CSP Benjamin Hundeyin, said, “Between January and September 2025, several reports of unauthoried access to Microsoft 365 accounts were traced to phishing emails designed to mimic legitimate Microsoft login pages, enabling business email compromise, internal phishing, data breaches, and other cyber-enabled fraud.
“Through extensive digital forensics and technical intelligence analysis, the centre conducted cryptocurrency tracing that identified suspicious wallets connected to cash-out schemes.
“Acting on actionable intelligence, operational teams were deployed to Lagos and Edo States, resulting in the arrest of Joshua James on September 20 and Okitipi Samuel on October 4, 2025. Search operations at their residences led to the recovery of mobile devices, laptops, and other digital exhibits linked to the elaborate and fraudulent scheme. The primary suspect, Mr Okitipi Samuel, also known as ‘Raccoon0365’ and Moses Felix, has been identified as the developer and operator of this phishing infrastructure,” he said.
The police added that “further investigations revealed that he managed a Telegram channel used to sell phishing links for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses.
“Investigations also confirm that he unlawfully used the email information of one of the arrested individuals without consent to register some of these accounts.
“Blockchain analysis further traced cryptocurrency wallets used in the operation to Bitnob and Exodus Wallet, with the linked KYC information identifying Okitipi Samuel as the sole beneficiary. Evidence shows that the phishing links he generated facilitated multiple unauthorised intrusions into Microsoft 365 accounts across several jurisdictions, resulting in business email compromise, financial losses, and the exposure of sensitive information.
“Importantly, the investigation found no evidence that Joshua and James participated in the creation or operation of the RaccoonO365 scheme,” he said.
We’ve got the edge. Get real-time reports, breaking scoops, and exclusive angles delivered straight to your phone. Don’t settle for stale news. Join LEADERSHIP NEWS on WhatsApp for 24/7 updates →
Join Our WhatsApp Channel
