Nigerian authorities have arrested a suspect linked to a large phishing operation that targeted Microsoft 365 users worldwide. The arrest was carried out by the Nigeria Police Force National Cybercrime Centre (NPF–NCCC). The suspect is believed to be the developer behind a phishing toolkit known as RaccoonO365. This operation was used to steal login credentials from victims across multiple countries.
The suspect has been identified as Okitipi Samuel, also known online as “RaccoonO365” and “Moses Felix.” Investigators say he played a central role in creating and running the phishing service. The arrest followed intelligence shared by Microsoft and international law-enforcement agencies. Authorities describe the case as a major step against organised cybercrime.
RaccoonO365 was designed to mimic real Microsoft 365 login pages. Victims were tricked into entering their usernames and passwords on fake websites. These phishing pages were distributed through convincing emails sent to businesses, schools, and organisations. Once credentials were stolen, attackers could access email accounts and sensitive data.
According to investigators, the phishing activity was active for several months. Many of the compromised accounts belonged to employees of companies and institutions. Stolen credentials were later used for unauthorised access, fraud, and further cyber attacks. This type of attack is commonly linked to business email compromise incidents.
Microsoft had earlier disrupted the operation by taking control of hundreds of malicious domains linked to RaccoonO365. These domains were used to host phishing pages and redirect victims. The takedown helped reduce the scale of the attacks. Law-enforcement agencies then moved to identify and arrest the individuals behind the operation.
The investigation involved cooperation between Nigeria, the United States, and other international partners. Agencies including the FBI assisted with technical analysis and intelligence sharing. Digital evidence, online activity, and financial trails were examined during the investigation. This collaboration helped link the phishing toolkit to its alleged developer.
Police also detained two other individuals during the operation. However, further investigation showed they were not directly involved in developing the phishing platform. Authorities clarified that their identities had been misused. Only Okitipi Samuel is believed to be responsible for creating and operating RaccoonO365.
Officials say the case highlights the growing threat of phishing-as-a-service platforms. Such tools allow cybercriminals with little technical skill to launch large attacks. Nigerian authorities have reaffirmed their commitment to fighting cybercrime. They also urged organisations and individuals to remain cautious and strengthen their online security.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
