Microsoft Seizes 338 Nigerian-Led ‘RaccoonO365’ Phishing Websites Impersonating Login Pages to Steal User Credentials

Microsoft’s Digital Crimes Unit has shut down a Nigerian-led phishing network called “RaccoonO365”, seizing 338 websites used to impersonate Microsoft login pages and steal user credentials.

Microsoft’s Digital Crimes Unit (DCU) has successfully disrupted a major phishing operation known as “RaccoonO365,” taking control of 338 websites that were used to impersonate Microsoft login pages and steal user credentials.

The sophisticated service, led by Nigerian national Joshua Ogundipe, ran on a subscription model, selling phishing kits that allowed even low-skilled attackers to carry out large-scale credential harvesting campaigns.

According to Microsoft, Ogundipe and his associates were deeply embedded in the scheme, “developing the code, selling subscriptions, and providing customer support to other cybercriminals.” The operation used fictitious names and fake physical addresses to register domains across multiple countries.

The disruption was made possible through a U.S. court order from the Southern District of New York, which authorized the seizure of the domains. A key breakthrough came when the attackers made an operational security error, accidentally exposing a cryptocurrency wallet that investigators used to map the network.

DON’T MISS: Doctor Abandoned Patient in the Middle of Surgery to Have S3x With Nurse

The phishing kits, distributed via Telegram, enabled criminals to mimic Microsoft emails and launch mass campaigns—sending thousands of phishing messages daily and scaling up to hundreds of millions each year.

Microsoft revealed that the group had been innovating quickly, even rolling out advanced tools such as “RaccoonO365 AI-MailCheck” to increase the scale and sophistication of their attacks.