Microsoft 365 Phishing Ring Hit As Nigeria Arrests Key Suspect

By TOSI ORE

Nigerian Police Arrest Alleged Microsoft Phishing Kingpin

NIGERIA’S cybercrime authorities have arrested three individuals in connection with phishing attacks targeting Microsoft 365 users, including the alleged creator of the RaccoonO365 phishing-as-a-service platform.

The Nigeria Police Force National Cybercrime Centre said the arrests followed months of investigation carried out with support from Microsoft and the FBI.

How the Scheme Operated

Police identified the main suspect as Okitipi Samuel, also known as Moses Felix, who allegedly developed and managed the phishing infrastructure. Investigators said he distributed phishing links via Telegram, accepted cryptocurrency payments and hosted fake Microsoft authentication pages on Cloudflare.

Digital devices believed to have been used in the operation were recovered during searches, although police noted that the two additional suspects were not directly involved in the platform’s development.

Scale of the Cybercrime

RaccoonO365 enables cybercriminals to harvest login credentials by mimicking legitimate Microsoft 365 login pages. Microsoft has linked the tool to thousands of compromised accounts globally and tracks the group behind it as Storm-2246.

Authorities said the phishing campaign led to multiple cases of unauthorised access to corporate and institutional email systems between January and September 2025, resulting in financial losses and data theft across several countries.

International Enforcement Momentum

The arrests align with a wider international crackdown on phishing-as-a-service operations. Recent lawsuits filed by Microsoft and Google underscore growing efforts by tech companies and law enforcement agencies to dismantle commercialised cybercrime platforms.