Dare Babalola
The Nigeria Police Force’s National Cybercrime Centre (NPF-NCCC), in a joint operation with the United States’ Federal Bureau of Investigation (FBI) and the US Secret Service, have arrested three high-profile suspects involved in internet fraud in Lagos and Edo State.
According to a statement by the Force Public Relations Officer, CSP Benjamin Hundeyin, released on Thursday, the suspects allegedly carried out their crimes using phishing links and malicious software.
The statement disclosed that the suspects were involved in targeted cyber-attacks against the email systems of major corporate organisations mostly in Nigeria.
The statement revealed that the arrest followed credible intelligence from Microsoft Corporation and the FBI, which exposed the suspects’ use of a sophisticated phishing toolkit known as RaccoonO365.
According to CSP Benjamin Hundeyin, the toolkit was crafted to generate fake Microsoft login portals, targeting the theft of user credentials and unauthorized access to email platforms of corporations, financial institutions, and educational bodies.
He said, “Consequently, the NPF–NCCC initiated a coordinated, intelligence-driven operation in collaboration with Microsoft, the FBI, and the United States Secret Service.
“Investigations traced multiple incidents of unauthorised Microsoft 365 account access between January and September 2025 to phishing emails crafted to closely mimic legitimate Microsoft authentication pages.
“These activities resulted in business email compromise, data breaches, and financial losses across multiple jurisdictions.
“Acting on precise and actionable intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, leading to the arrest of three suspects.
“Search operations conducted at their residences resulted in the recovery of laptops, mobile devices, and other digital equipment, which have been linked to the fraudulent scheme after forensic analysis.
“Further investigations identified Okitipi Samuel, also known as ‘RaccoonO365’ and ‘Moses Felix,’ as the principal suspect and developer of the phishing infrastructure.
“Investigations reveal that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials.
“Notably, investigations revealed no evidence linking the two other arrested individuals to the creation or operation of the phishing scheme.
“The Nigeria Police Force reaffirms its steadfast commitment to safeguarding Nigeria’s digital space through the deployment of advanced technology, strengthened international partnerships, and diligent investigative and prosecutorial processes aimed at effectively countering evolving cyber threats”.
