Nigeria Police, FBI Bust RaccoonO365 Phishing Syndicate, Arrest Three Cybercrime Suspects in Lagos, Edo
Nigeria’s cybercrime investigators, working alongside international partners (FBI), have dismantled a suspected high-level internet fraud network operating across Lagos and Edo States, PulseNets learnt.
The coordinated operation was carried out by the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) in collaboration with the United States Federal Bureau of Investigation (FBI) and the US Secret Service, leading to the arrest of three suspected cybercriminals allegedly linked to targeted attacks on corporate email systems.
Information obtained by PulseNets indicates that the suspects were involved in sophisticated cyber intrusions targeting major corporate organisations, largely within Nigeria, through carefully orchestrated phishing campaigns.
Confirming the development, the Force Public Relations Officer, CSP Benjamin Hundeyin, disclosed in a statement issued on Thursday that the suspects executed the alleged crimes “by deploying phishing links and malicious software designed to deceive unsuspecting victims.”
According to the statement, the arrests followed credible intelligence shared by Microsoft Corporation in conjunction with the FBI, which exposed the “use of an advanced phishing toolkit known as RaccoonO365.”
Hundeyin explained that the toolkit was specifically engineered to generate fake Microsoft login interfaces aimed at stealing user credentials and illegally accessing email platforms belonging to corporate, financial, and educational institutions.
He stated that “the NPF–NCCC subsequently launched a coordinated, intelligence-led operation in partnership with Microsoft, the FBI, and the United States Secret Service.”
Providing further insight, the police spokesperson noted that “investigations linked several cases of unauthorised Microsoft 365 account access recorded between January and September 2025 to phishing emails crafted to closely resemble genuine Microsoft authentication pages.”
He added that “these cyber intrusions resulted in business email compromise, data breaches, and significant financial losses spanning multiple jurisdictions.”
Acting on what he described as precise and actionable intelligence, Hundeyin said NPF–NCCC operatives were deployed to Lagos and Edo States, culminating in the arrest of three suspects connected to the scheme.
He revealed that “searches carried out at the suspects’ residences led to the recovery of laptops, mobile phones, and other digital devices, which forensic analysis has directly linked to the fraudulent operation.”
Further findings, according to Hundeyin, identified one Okitipi Samuel—also known by the aliases “RaccoonO365” and “Moses Felix”—as the principal suspect and alleged architect of the phishing infrastructure.
He disclosed that “investigations show that Samuel operated a Telegram channel where phishing links were sold in exchange for cryptocurrency and hosted fake login portals on Cloudflare using stolen or fraudulently acquired email credentials.”
However, the police clarified that “there is currently no evidence connecting the two other arrested individuals to the creation or direct management of the phishing framework.”
Also Read: ADC Alleges Hidden FBI Files After Trump Labels Nigeria a “Disgraceful Country”
Reaffirming institutional resolve, Hundeyin stressed that “the Nigeria Police Force remains fully committed to protecting the country’s digital ecosystem through advanced technology deployment, strengthened international cooperation, and thorough investigative and prosecutorial processes to counter emerging cyber threats.”
