FBI Team Up with Nigerian Police, Arrest Lagos-Based Int'l Suspect
- The Nigeria Police Force have arrested Okitipi Samuel over an alleged global phishing attack targeting Microsoft 365 users
- Investigations linked the operation to the use of a phishing toolkit known as Raccoon0365, with international agencies supporting the probe
- Police identified Samuel as the principal suspect, while two other arrested individuals were cleared as identity theft victims
The Nigeria Police Force has arrested a Nigerian man, Okitipi Samuel, in connection with a large scale cyberattack that targeted Microsoft 365 users across several countries.
The arrest followed months of investigations by the National Cybercrime Centre into unauthorised access to corporate, financial, and educational email accounts.
Source: Facebook
In a post on social media, force Public Relations Officer Benjamin Hundeyin disclosed the development on Thursday in Abuja while briefing journalists on the outcome of the probe.
He said the investigation was carried out under the leadership of the Director of the National Cybercrime Centre, Commissioner of Police Ifeanyi Uche, with support from international partners.
FBI collaborated with Nigeria's force
Hundeyin said the investigation was initiated after intelligence was received from Microsoft in the United States through the Federal Bureau of Investigation. The intelligence pointed to the use of a phishing toolkit known as Raccoon 0365 to compromise Microsoft 365 accounts.
“This investigation commenced following credible intelligence received from Microsoft USA through the FBI, indicating that a malicious phishing toolkit known as Raccoon0365 was being used to create fake Microsoft login portals, harvest user credentials, and unlawfully access the email accounts of corporate organisations, financial institutions, and educational establishments,” Hundeyin said.
According to the police, the phishing operation relied on emails designed to resemble legitimate Microsoft login pages. Between January and September 2025, these messages were used to gain unauthorised access to accounts, leading to business email compromise, internal phishing, and data breaches in multiple jurisdictions.
Nigeria police make arrests after forensic findings
Hundeyin said digital forensic analysis and cryptocurrency tracing played a key role in identifying those behind the scheme. Suspicious wallets linked to cash out activities were traced, prompting police action in Lagos and Edo states.
Source: Getty Images
“Following extensive digital forensic and technical intelligence analysis, the centre conducted cryptocurrency tracing that identified suspicious wallets connected to cash-out schemes,” he said.
He added that operatives arrested three individuals identified as Joshua, James, and Okitipi Samuel between September 20 and October 4, 2025. Searches at their residences led to the recovery of laptops, mobile phones, and other digital devices linked to the investigation.
Principal suspect identified by Police
Police identified Okitipi Samuel, also known as Moses Felix and “0365,” as the main suspect and developer of the phishing infrastructure. Hundeyin said Samuel operated a Telegram channel where phishing links were sold for cryptocurrency and hosted fake login pages using Cloudflare.
“The primary suspect, Okitipi Samuel, also known as Moses Felix, has been identified as the developer and operator of the phishing infrastructure,” Hundeyin said.
Further investigations showed that the identities of Joshua and James were used without their consent.
“There was no evidence linking them to the creation or operation of the phishing scheme. They were victims of identity theft,” Hundeyin said.
The police said a prima facie case had been established against Samuel for offences including identity theft, unlawful system access, and distribution of malicious software. He is expected to be charged under the Cybercrimes Act.
Commissioner Uche urged Nigerians to be cautious online and warned against clicking unknown links, noting that many contain tools designed to steal personal and corporate data.
Did Lagos Yahoo Boy scam Donald Trump?
Earlier, Legit.ng reported that social media posts and Nigerian news websites claimed that a Nigerian-based 'Yahoo Boy' conned United States (US) President Donald Trump out of 250,000 dollars.
Legit.ng reports that ‘Yahoo Boy’ (an alternative name for ‘Yahoo Yahoo’ or ‘G-Boys’) is used to describe people who defraud mostly non-Nigerians via the internet.
Upon close and deliberate investigation, Legit.ng found out the truth of the story.
Source: Legit.ng
