Police, FBI, US Secret Service Nab Alleged ‘RaccoonO365’ Phishing Kingpin, Two Others in Nigeria
Operatives of the Nigeria Police Force National Cybercrime Centre (NPF–NCCC), in collaboration with the United States Federal Bureau of Investigation (FBI) and the US Secret Service, have arrested three suspected high-profile internet fraudsters in Lagos and Edo states over alleged cyber fraud.
The suspects were accused of carrying out targeted cyber-attacks on the email systems of major corporate organisations, largely within Nigeria.
The Force Public Relations Officer, CSP Benjamin Hundeyin, disclosed this in a statement on Thursday, explaining that the suspects executed the attacks through phishing links and the deployment of malicious software.
According to the statement, the arrests followed credible and actionable intelligence received from Microsoft Corporation and the FBI, which exposed the use of a sophisticated phishing toolkit known as RaccoonO365.
Hundeyin said the toolkit was designed to create fake Microsoft login portals used to harvest user credentials and gain unauthorised access to email platforms of corporate, financial and educational institutions.
He noted that the NPF–NCCC subsequently launched an intelligence-driven operation in partnership with Microsoft, the FBI and the US Secret Service.
Investigations revealed multiple cases of unauthorised Microsoft 365 account access between January and September 2025, traced to phishing emails crafted to closely resemble genuine Microsoft authentication pages. The attacks reportedly resulted in business email compromise, data breaches and financial losses across several jurisdictions.
Acting on precise intelligence, NPF–NCCC operatives were deployed to Lagos and Edo states, where three suspects were arrested. Searches conducted at their residences led to the recovery of laptops, mobile phones and other digital devices, which forensic analysis linked to the fraud scheme.
Further investigations identified Okitipi Samuel, also known as “RaccoonO365” and “Moses Felix,” as the principal suspect and developer of the phishing infrastructure. Police said he operated a Telegram channel where phishing links were sold for cryptocurrency and hosted fake login portals on Cloudflare using stolen or fraudulently obtained email credentials.
However, investigators said there was no evidence linking the two other suspects to the creation or operation of the phishing toolkit.
The Nigeria Police Force reaffirmed its commitment to protecting the country’s digital space through advanced technology, strong international partnerships, and thorough investigative and prosecutorial processes to combat emerging cyber threats.
