Microsoft Shuts Down 340 Phishing Websites From Nigeria Scheme

Photo: Reuters

Microsoft recently shut down almost 340 websites that were part of a Nigerian-based phishing service known as Raccoon0365. This service let people pay a subscription to carry out phishing—tricking victims into giving their Microsoft login credentials.

According to Microsoft, the criminals behind Raccoon0365 stole login information from at least 5,000 Microsoft user accounts. They also earned over US$100,000 in cryptocurrency since the service began in July 2024.

How the Service Worked

• Here is how Raccoon0365 operated:
• It was subscription based: meaning someone paid money to use the service.
• It ran through a private Telegram channel that had more than 850 subscribers. In that channel, people shared tools, advice, and website addresses to use for phishing.

Subscribers could make fake Microsoft login pages. They would send these to targets, pretending to be legitimate Microsoft pages. When victims entered their credentials (username and password), the criminals stole them.

Who Was Behind It

Microsoft identifies a man called Joshua Ogundipe, based in Nigeria, as the leader of Raccoon0365. He is allegedly the main operator who kept the service running.

Experts say that even though the scheme was large, the criminals made mistakes in how they ran it. These mistakes helped law enforcement (security agencies) trace and disrupt its operations.

Types of Targets and Scale

The phishing service did not only target individuals. Many organizations were targeted too. Some of the key facts:

Among the victims were health organizations. Microsoft, along with a health cybersecurity group called Health-ISAC, say that at least five health firms had successful credential theft. Another 25 health sector organizations were targeted but may not have been successfully breached.

One large campaign used tax-themed phishing emails in February 2025. In that campaign, more than 2,300 U.S. organizations were targeted. The emails pretended to be related to tax matters, to trick people into clicking on links.

What Microsoft Did

To stop the scheme, Microsoft took legal action:

They got an order from a U.S. District Court in Manhattan. This court order allowed them to seize the domain names (web addresses) of nearly 340 websites connected to Raccoon0365.

Microsoft worked with Cloudflare (a web infrastructure company) and the U.S. Secret Service to block the infrastructure (back-end) that supported phishing.

Cloudflare helped by shutting down or disabling certain servers and accounts used by Raccoon0365. This prevented the criminals from spinning up new phishing sites or hiding behind cover.

Why Some Mistakes Helped Catch Them

• Even though Raccoon0365 was dangerous and effective, the operators made some errors that helped Microsoft and security agencies:
• They left traces in domains and hosting that could be followed.
• They reused parts of infrastructure which made it easier to map out the network of phishing sites.
• The errors meant that when law enforcement started investigating, they had enough evidence to identify operators and seize websites.

The Harm Caused

• The damage from phishing services like this is real:
• Thousands of people had their credentials stolen. This means criminals could access their accounts, possibly read private emails, files, or impersonate them.
• Organizations in health sector were particularly at risk. If criminals access medical records or systems, that could affect patient safety or privacy.

The scheme also shows how cybercrime has become easier to access. You don’t have to be very skilled; services like Raccoon0365 let people do phishing at scale by paying for tools.

The Bigger Picture

Phishing subscription services are growing globally. They are like rental tools for cybercrime. Someone builds fake pages, tools, templates, and others pay to use them. Criminals find that profitable because:

• It spreads risk: the operators of the subscription don’t do all the work themselves; they let many people use the phishing tools.
• It is scalable: many victims can be targeted at once.
• Profits can be hidden via cryptocurrency.
• Because of cases like this, many tech firms and law enforcement agencies are pushing harder to both track down these services and warn the public about them.

Why It Matters for You

• Even if you are not a big company, phishing can affect you:
• You could receive fake email or message pretending to be from Microsoft (or any trusted company).
• If you click a link and enter your password on a fake page, criminals can use it. They may steal files, send mails or messages pretending to be you.
• It is important to check website addresses, and to think twice before clicking or giving personal credentials.

What Can Be Done

• Some steps that help reduce phishing risks and protect people:
• Better Security Practices: Companies and individuals should use strong, unique passwords, and two-factor authentication where possible.
• Awareness: Users should be educated to recognize phishing attempts: emails asking for passwords, links that look suspicious.
• Technology Measures: Using tools that check for phishing sites, monitoring suspicious domains, attacking infrastructure of fraud.
• Law Enforcement Cooperation: Tech companies working with governments, court orders, seizure of domains.

Microsoft’s action to seize 340 websites shows that fighting phishing is possible, but it is also difficult. Criminals find new ways, but mistakes they make help investigators to catch them.

The case of Raccoon0365 teaches us that phishing services are not small problems—they can steal many credentials, harm many people, and earn large sums of money. It also shows that cooperation between tech firms, cybersecurity groups, and law enforcement is very important.