The Nigeria Police Force has arrested a Nigerian, Okitipi Samuel, in connection with a global cyberattack targeting users of Microsoft 365.
The Force Public Relations Officer, Benjamin Hundeyin, disclosed this on Thursday in Abuja while briefing journalists on findings from investigations conducted by the National Cybercrime Centre of the Nigeria Police Force.
Hundeyin said the probe was initiated by the centre under the leadership of its Director, Commissioner of Police Ifeanyi Uche, in collaboration with Microsoft, the Federal Bureau of Investigation, the United States Secret Service and the United Kingdom’s National Crime Agency.
He explained that investigations uncovered the use of a phishing toolkit known as “Raccoon 0365” to create fake Microsoft login portals, harvest users’ credentials and gain unauthorised access to email accounts belonging to corporate bodies, financial institutions and educational organisations across several countries.
“This investigation commenced following credible intelligence received from Microsoft USA through the FBI, indicating that a malicious phishing toolkit known as Raccoon0365 was being used to create fake Microsoft login portals, harvest user credentials, and unlawfully access the email accounts of corporate organisations, financial institutions, and educational establishments,” Hundeyin said.
According to him, between January and September 2025, multiple cases of unauthorised access to Microsoft 365 accounts were linked to phishing emails designed to imitate legitimate Microsoft login pages, leading to business email compromise, internal phishing, data breaches and other cyber-enabled fraud.
Hundeyin said digital forensic examinations and cryptocurrency tracing revealed wallets connected to the illegal operation, prompting the deployment of operatives to Lagos and Edo states.
He said the operation led to the arrest of three suspects identified as Joshua, James and Okitipi Samuel between September 20 and October 4, 2025, with devices and other digital exhibits recovered from their residences.
“Following extensive digital forensic and technical intelligence analysis, the centre conducted cryptocurrency tracing that identified suspicious wallets connected to cash-out schemes.
“Acting on actionable intelligence, operational teams were deployed to Lagos and Edo states, resulting in the arrest of Joshua, James, and Okitipi Samuel. Searches at their residences led to the recovery of mobile devices, laptops, and other digital exhibits linked to the fraudulent scheme,” he said.
The police spokesperson identified Samuel, also known as “0365” and Moses Felix, as the principal suspect and developer of the phishing infrastructure behind the operation.
“The primary suspect, Okitipi Samuel, also known as Moses Felix, has been identified as the developer and operator of the phishing infrastructure. Investigations revealed that he managed a Telegram channel used to sell phishing links in exchange for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses,” Hundeyin said.
He added that further findings showed Samuel unlawfully used the email details of one of the arrested individuals without consent to register some of the accounts used in the scheme.
Hundeyin said investigations also established that the identities of Joshua and James were used without their knowledge, stressing that they were not involved in the creation or operation of the phishing network.
“There was no evidence linking them to the creation or operation of the phishing scheme. They were victims of identity theft,” he said.
He noted that a prima facie case had been established against Samuel for offences including identity theft, unlawful access to computer systems, creation and distribution of malicious software, unauthorised interference with network data, as well as aiding and abetting fraud.
Hundeyin said the suspect would be charged under relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024, adding that prosecution would take place in Nigeria, although extradition could be considered if formally requested through due process.
He assured Nigerians that the police, under the leadership of the Inspector-General of Police, Kayode Egbetokun, would continue to safeguard the country’s digital space and urged citizens to adopt safe online practices.
In a separate remark, the Director of the National Cybercrime Centre, CP Ifeanyi Uche, warned Nigerians to be vigilant online, advising them to avoid clicking links from unknown or unexpected sources.
Uche said such links often contain malware or phishing tools capable of compromising devices and personal data, urging the public to verify sources before responding to emails or messages in order to prevent unauthorised access to personal and corporate accounts.