Police initiate investigation into international cybercrime case

The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has commenced investigation into a major international cybercrime case.

The Force Public Relations Officer, CSP Benjamin Hundeyin, said this during a news conference on Thursday in Abuja.

He said the cybercrime case involved computer-related fraud, phishing, identity theft, malware attacks and impersonation, targeting Microsoft 365 users across multiple countries.

Hundeyin said the investigation commenced following credible intelligence received from Microsoft Office in the U.S through the Federal Bureau of Investigation (FBI).

He said the intelligence indicated that a malicious phishing toolkit known as Raccoon0365 was being used to create fake Microsoft login portals.

The police spokesman said the portal was being used to harvest user credentials, and unlawfully access the email accounts of corporate organisations, financial institutions, and educational establishments.

“The NPF-NCCC initiated a coordinated operation with Microsoft, the FBI, and the United States Secret Service.

“Between January and September 2025, several reports of unauthorized access to Microsoft 365 accounts were traced to phishing emails designed to mimic legitimate Microsoft login pages.

“The phishing emails had enabled business email compromise, internal phishing, data breaches, and other cyber-enabled fraud,” he said.

According to him, through extensive digital forensics and technical intelligence analysis, the NPF-NCCC conducted cryptocurrency tracing that identified suspicious wallets connected to cash-out schemes.

He said operational teams were deployed to Lagos and Edo States following actionable intelligence that resulted in the arrest of three suspects.

Hundeyin said search operations at the residences of the suspects led to the recovery of mobile devices, laptops, and other digital exhibits linked to the elaborate and fraudulent scheme.

“The primary suspect has been identified as the developer and operator of this Phishing infrastructure.

“Further investigations revealed that he managed a Telegram channel used to sell phishing links for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses.

“Investigations also confirm that he unlawfully used the email information of one of the arrested individuals without consent to register some of these accounts,” he said.

According to him, blockchain analysis further traced cryptocurrency wallets used in the operation to Bitnob and Exodus Wallet, with the linked KYC information identifying the principal suspect as the sole beneficiary.

He said evidence had shown that the phishing links he generated facilitated multiple unauthorised intrusions into Microsoft 365 accounts across several jurisdictions, resulting in business email compromise, financial losses, and the exposure of sensitive information.

“Importantly, the investigation found no evidence that the two others participated in the creation or operation of the RaccoonO365 scheme.

“Their personal information and devices were instead exploited without their authorisation by the principal suspect,” he said.

He said a prima facie case had been established against the principal suspect for identity theft, unlawful access to computer systems, creation and distribution of malicious software, aiding and abetting fraud, and unauthorised interference with network data.

The police spokesman said the suspect would be charged to court under the relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act 2024.