By Kingsley Omonobi
The Nigeria Police Force National Cybercrime Centre (NPF–NCCC), in collaboration with the United States Federal Bureau of Investigation (FBI), has launched an investigation into a major international cybercrime operation targeting Microsoft 365 users across multiple countries. The case involves computer-related fraud, phishing, identity theft, malware attacks, and impersonation.
Authorities said the investigation was triggered by intelligence from Microsoft U.S.A., conveyed through the FBI, indicating that a malicious phishing toolkit known as RaccoonO365 was being used to create fake Microsoft login portals, harvest user credentials, and unlawfully access email accounts of corporate organisations, financial institutions, and educational establishments.
According to the police, formal approval for the investigation was granted by the Deputy Inspector-General of Police, Force Criminal Investigation Department, in September 2025. The NPF–NCCC subsequently coordinated operations with Microsoft, the FBI, and the United States Secret Service.
Between January and September 2025, multiple reports of unauthorized access to Microsoft 365 accounts were linked to phishing emails designed to mimic legitimate Microsoft login pages, facilitating business email compromise, internal phishing, data breaches, and other cyber-enabled frauds.
Through extensive digital forensics, investigators traced malicious IP addresses, compromised domains, email artifacts, and malware samples connected to the attacks. Cryptocurrency tracing further identified suspicious wallets used in cash-out schemes. Requests for information were also sent to Nigerian telecommunications and financial service providers.
Operations in Lagos and Edo States led to the arrest of Joshua Ogundipe, James Ogundipe, and Okitipi Samuel in September and October 2025. Searches of their residences yielded mobile devices, laptops, and other digital evidence.
Investigations revealed that between July 2024 and September 2025, Microsoft and Cloudflare dismantled 338 phishing domains linked to the RaccoonO365 toolkit, which had stolen more than 5,000 Microsoft 365 credentials.
The primary suspect, Okitipi Samuel, also known as “Raccoon0365” and “Moses Felix,” is identified as the developer and operator of the phishing infrastructure. He ran a Telegram channel selling phishing links for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses. Blockchain analysis traced wallets associated with the scheme to Bitnob and Exodus Wallet, with KYC data identifying Okitipi Samuel as the sole beneficiary.
Investigations confirmed that Joshua Ogundipe and James Ogundipe were not involved in creating or operating the scheme; their information and devices were exploited without consent by the principal suspect.
The NPF–NCCC has now established a prima facie case against Okitipi Samuel for identity theft, unlawful access to computer systems, creation and distribution of malicious software, aiding and abetting fraud, and unauthorized interference with network data. Forensic analysis of his devices is ongoing, and he is expected to be charged under the Cybercrimes (Prohibition, Prevention, etc.) Act 2024.
The case has been forwarded to the Inspector-General of Police for further directives.
The Nigeria Police Force reaffirmed its commitment to protecting the country’s digital ecosystem and safeguarding citizens, businesses, and institutions from cyber threats.
The post NPF Cybercrime Centre, FBI launch manhunt for International Microsoft 365 fraudsters appeared first on Vanguard News.
