Cybercrime: Police arrest man over 365 cyber attacks targeting Microsoft database

The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) has apprehended high-profile internet fraud suspects involved in targeted cyberattacks against the email systems of major corporate organisations through the deployment of phishing links and malicious software.

Force Public Relations Officer,CSP Benjamin Hundeyin, disclosed this on Thursday, December 18, 2025 in Abuja while briefing journalists on the outcome of investigations carried out by the National Cybercrime Centre of the Nigeria Police Force.

He said’;

“This significant breakthrough followed credible and actionable intelligence received from Microsoft Corporation, United States of America, through the Federal Bureau of Investigation (FBI), which revealed the use of a sophisticated phishing toolkit known as RaccoonO365. The toolkit was designed to create fraudulent Microsoft login portals aimed at harvesting user credentials and unlawfully accessing the email platforms of corporate, financial, and educational institutions.

“Consequently, the NPF–NCCC initiated a coordinated, intelligence-driven operation in collaboration with Microsoft, the FBI, and the United States Secret Service. Investigations traced multiple incidents of unauthorised Microsoft 365 account access between January and September 2025 to phishing emails crafted to closely mimic legitimate Microsoft authentication pages. These activities resulted in business email compromise, data breaches, and financial losses across multiple jurisdictions.

“Acting on precise and actionable intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, leading to the arrest of three suspects. Search operations conducted at their residences resulted in the recovery of laptops, mobile devices, and other digital equipment, which have been linked to the fraudulent scheme after forensic analysis.

He added that between January and September 2025, several reports of unauthorised access to Microsoft 365 accounts were traced to phishing emails designed to mimic legitimate Microsoft login pages, enabling business email compromise, internal phishing, data breaches, and other cyber-enabled fraud.

Hundeyin said digital forensic analysis and cryptocurrency tracing identified wallets connected to the illegal operation.

He noted that operatives were deployed to Lagos and Edo states, leading to the arrest of three suspects identified as Joshua, James, and Okitipi Samuel between September 20 and October 4, 2025.

“Following extensive digital forensic and technical intelligence analysis, the centre conducted cryptocurrency tracing that identified suspicious wallets connected to cash-out schemes. Acting on actionable intelligence, operational teams were deployed to Lagos and Edo states, resulting in the arrest of Joshua, James, and Okitipi Samuel. Searches at their residences led to the recovery of mobile devices, laptops, and other digital exhibits linked to the fraudulent scheme,” he said.

Hundeyin identified Okitipi Samuel, also known as “0365”, and Moses Felix as the principal suspect and developer of the phishing infrastructure.

“The primary suspect, Okitipi Samuel, also known as Moses Felix, has been identified as the developer and operator of the phishing infrastructure. Investigations revealed that he managed a Telegram channel used to sell phishing links in exchange for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses,” he said.

He added that investigations confirmed Samuel unlawfully used the email details of one of the arrested individuals without consent to register some of the accounts used in the operation.

The police spokesperson said further investigations revealed that the identities of Joshua and James were used without their consent.

“There was no evidence linking them to the creation or operation of the phishing scheme. They were victims of identity theft,” Hundeyin said.

He said a prima facie case had been established against Samuel for identity theft, unlawful access to computer systems, creation and distribution of malicious software, unauthorised interference with network data, and aiding and abetting fraud.

Hundeyin added that the suspect would be charged under relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024.

He said the suspect would be prosecuted in Nigeria, noting that the country has the capacity to enforce its cybercrime laws, although extradition could be considered if formally requested through due process.

Hundeyin assured Nigerians that the police, under the leadership of the Inspector-General of Police, Kayode Egbetokun, would continue to protect the country’s digital ecosystem and urged citizens to practise good cyber hygiene by being cautious when clicking links and sharing personal information online.