Reuters reported that Microsoft has shut down a Nigerian-based cybercrime operation called RaccoonO365 that reportedly made at least $100,000 in cryptocurrency payments, by building and renting fake Microsoft 365 login pages to scammers around the world.
The service is part of a growing trend called phishing-as-a-service (PhaaS), where cybercriminals lease phishing tools to others who may not have the technical expertise. Since launching in July 2024, RaccoonO365 enabled criminals to impersonate trusted brands and get targets to enter Microsoft login credentials on phony Microsoft login pages.
In a coordinated legal and technical operation, Microsoft, working with cybersecurity firm Cloudflare and the U.S. Secret Service seized nearly 340 websites used by the platform. According to Microsoft, at least 5,000 login credentials were stolen from users across 94 countries.
The operation was run through a private Telegram channel with more than 850 members and reportedly had between 100 and 200 active subscribers. Court filings identify Nigeria-based Joshua Ogundipe as the leader and main operator of the platform.
Microsoft’s Steven Masada, assistant general counsel for the company’s Digital Crimes Unit, noted that the case illustrates how simple subscription-based tools can make cybercrime accessible to virtually anyone.