The Nigeria Police Force has announced the arrest of a suspect, Okitipi Samuel, over his alleged involvement in a cyberattack on the database of multinational technology company, Microsoft.
Force Public Relations Officer,CSP Benjamin Hundeyin in a statement on Thursday, December 18, 2025.
The arrest according to him, followed credible and actionable intelligence received from Microsoft Corporation, United States of America, through the Federal Bureau of Investigation (FBI), which revealed the use of a sophisticated phishing toolkit known as RaccoonO365.
“The toolkit was designed to create fraudulent Microsoft login portals aimed at harvesting user credentials and unlawfully accessing the email platforms of corporate, financial, and educational institutions.
“Consequently, the NPF–NCCC initiated a coordinated, intelligence-driven operation in collaboration with Microsoft, the FBI, and the United States Secret Service. Investigations traced multiple incidents of unauthorised Microsoft 365 account access between January and September 2025 to phishing emails crafted to closely mimic legitimate Microsoft authentication pages.
” These activities resulted in business email compromise, data breaches, and financial losses across multiple jurisdictions.
“Acting on precise and actionable intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, leading to the arrest of three suspects. Search operations conducted at their residences resulted in the recovery of laptops, mobile devices, and other digital equipment, which have been linked to the fraudulent scheme after forensic analysis.
“Further investigations identified Okitipi Samuel, also known as “RaccoonO365” and “Moses Felix,” as the principal suspect and developer of the phishing infrastructure.
” Investigations reveal that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials.
“Notably, investigations revealed no evidence linking the two other arrested individuals to the creation or operation of the phishing scheme.
Hundeyin said digital forensic analysis and cryptocurrency tracing identified wallets connected to the illegal operation.
He added that investigations confirmed Samuel unlawfully used the email details of one of the arrested individuals without consent to register some of the accounts used in the operation.
The police spokesperson said further investigations revealed that the identities of Joshua and James were used without their consent.
“There was no evidence linking them to the creation or operation of the phishing scheme. They were victims of identity theft,” Hundeyin said.
He said a prima facie case had been established against Samuel for identity theft, unlawful access to computer systems, creation and distribution of malicious software, unauthorised interference with network data, and aiding and abetting fraud.
Hundeyin added that the suspect would be charged under relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024.
He said the suspect would be prosecuted in Nigeria, noting that the country has the capacity to enforce its cybercrime laws, although extradition could be considered if formally requested through due process.
Hundeyin assured Nigerians that the police, under the leadership of the Inspector-General of Police, Kayode Egbetokun, would continue to protect the country’s digital ecosystem and urged citizens to practise good cyber hygiene by being cautious when clicking links and sharing personal information online.
