Microsoft has struck a heavy blow against cybercriminals operating out of Nigeria, shutting down a network known as RaccoonO365 that was quietly fueling online fraud worldwide. The group, active since July 2024, made over $100,000 by selling ready-made fake Microsoft 365 login pages to scammers across the globe. In essence, it turned cybercrime into a subscription service, lowering the barrier for even amateur fraudsters.
In a joint operation with Cloudflare, Microsoft seized 338 domains linked to the syndicate. These fake sites, disguised to look like genuine Microsoft portals, tricked unsuspecting users into handing over their login details. Victims were targeted through emails, attachments and even QR codes, with over 5,000 credentials stolen in 94 countries. Investigators say the stolen data often ended up on the dark web or was used in business email compromise schemes—a fraud pattern notorious in West Africa.
What made RaccoonO365 so dangerous was its simplicity. Operating through an invite-only Telegram group of more than 850 members, it gave 100–200 paying subscribers access to phishing kits that handled everything from link creation to victim tracking. Microsoft’s Digital Crimes Unit (DCU), which led the investigation, warned that such “phishing-as-a-service” platforms are multiplying because they make online fraud easy for anyone with a small budget.
Experts say the takedown is a win, but the bigger picture is worrying. Phishing remains Africa’s most common cyber threat, with some countries seeing scam alerts jump by as much as 3,000 percent this year. In Nigeria, where cloud adoption is accelerating, the risks are even higher. Local firms are already on alert for ransomware like Phobos, and analysts stress that small and medium businesses relying on Microsoft tools must urgently boost their cyber defences.
As one Lagos-based IT consultant told me, “The fight is no longer against lone hackers in a room—it’s against organized crime selling cyber tools like Netflix subscriptions. Nigerian businesses need to wake up before they’re the next victims.”
