By Vicky Sidler | Published 1 October 2025 at 12:00 GMT+2

If your team has ever clicked a suspicious email that looked just a little too much like a Microsoft login page, you’re not alone. And no, it wasn’t your fault. It was probably Raccoon0365.

According to Reuters, Microsoft just took down nearly 340 fake websites linked to this growing phishing subscription service, based out of Nigeria, that made phishing as easy as Netflix. It’s called Raccoon0365, and yes, you could pay to use it. It was basically phishing-as-a-service.

This scam didn’t just target tech bros or bored interns. It hit over 2,300 organizations, pocketed at least $100,000 in crypto, and even breached healthcare companies.

If that doesn’t make you want to update your passwords, keep reading.

TL;DR:

• Microsoft shut down 340 fake phishing websites

• The service, Raccoon0365, let users mimic Microsoft login pages

• Over 2,300 organizations were targeted in February alone

• At least $100,000 in crypto was made from stolen login info

• The healthcare industry was also hit

👉 Need help getting your message right? Download the 5-Minute Marketing Fix

Table of Contents:

Phishing as a Service? Apparently That’s a Thing:

The operation worked like this.

Someone signs up on a private Telegram channel. They get access to tools that mimic real Microsoft login pages. They send out mass emails pretending to be tax notices or other urgent alerts. A few clicks later, someone’s typing in their real login credentials. Boom. They’re in.

And it didn’t just look real. These sites were hosted and hidden using Cloudflare’s services, giving them the appearance of legitimacy and making them hard to track.

One mistake from your team, and suddenly a stranger in a different country has access to your Microsoft account.

As Microsoft’s digital crimes attorney Steven Masada put it, "cybercriminals don’t need to be sophisticated to cause widespread harm." Raccoon0365 was designed to be simple and scalable. That’s what made it so dangerous.

Who Got Targeted?

Pretty much everyone. But court filings say “a significant portion” of victims were in New York. That includes 25 healthcare organizations, and at least five confirmed breaches. Health data is sensitive. Once a bad actor gets in, they can steal records, access emails, or even shut down operations with ransomware.

Errol Weiss from Health-ISAC summed it up: “So many of the attacks start because somebody gave up their user name and password.”

Let that sink in. It’s not firewalls or fancy software that fails first. It’s just someone being tricked.

Lessons for Small Business Owners:

You don’t need to panic. But you do need a plan.

Here’s what I recommend as a StoryBrand Certified Guide and Duct Tape Marketing Strategist:

1. Train your team on email basics:

Show them what phishing looks like. Make it part of onboarding. Run a test campaign if you can.

2. Use 2FA everywhere:

Two-factor authentication (like codes via text or app) can block access even if passwords are stolen.

3. Check your own marketing tools:

If you use email marketing, make sure your templates and links look clean and trustworthy. You don’t want your legit emails to get ignored because your audience is scared of phishing.

4. Avoid Microsoft login prompts in your own funnels:

Even if you're using something simple like lead magnets or course portals, don’t make people log in through pages that look even slightly like Microsoft. You’ll lose trust instantly.

It’s Not Just a Tech Problem. It’s a Trust Problem.

The reason Raccoon0365 worked so well is because people trusted what they saw. A brand they recognised. A layout that felt familiar.

This is exactly why clear messaging matters. When you make it obvious who you are, what you do, and why you’re legit, you reduce confusion—and lower the risk of being mistaken for a scammer.

That’s where my 5-Minute Marketing Fix comes in.

It’s a free tool that helps you write a simple, clear one-liner. Something you can use in your emails, landing pages, and social media bios to sound like a real human—without overthinking it.

👉 Download it free here

Because in a world full of phishing, clarity is your best defence.

Related Articles:

1. Almost 99% of People Can't Identify AI Ads—What That Means for Trust, Targeting, and Small Business Marketing

If fake Microsoft pages fooled thousands, imagine what AI-generated ads can do. This article explores why people trust things that look real and how your brand can stay believable.

2. LinkedIn Cracks Down on Lead Gen Tools—What It Means for You

Microsoft isn’t just fighting phishing. Its subsidiary LinkedIn is also cleaning house. Learn how changes on LinkedIn affect your lead generation and what to do instead.

3. AI Customer Service Is Broken—Here's What Small Businesses Can Do Differently

Phishing scams break trust by pretending to be human. Some customer service bots do it by accident. This article explains how to avoid trust-killing tech in your own business.

4. 61% of Consumers Want to Turn Off AI Search Summaries—How Small Businesses Can Adapt

Worried your audience won’t trust tech? They already don’t. This post breaks down what growing AI suspicion means for how your business shows up online.

5. AI, Cybersecurity & Social Media Now Drive Small Business Growth in 2025

Need a confidence boost after reading about phishing attacks? This article shows how other small businesses are turning cybersecurity from a risk into a competitive edge.

FAQs on Microsoft Phishing Scam and Small Business Cybersecurity

1. What exactly did Microsoft shut down?

Microsoft took down nearly 340 websites linked to a phishing service called Raccoon0365. These sites mimicked Microsoft login pages to steal passwords from unsuspecting users.

2. Who was behind the phishing scam?

Microsoft identified Nigeria-based Joshua Ogundipe as the main operator of Raccoon0365. The service ran through a private Telegram channel with over 850 subscribers.

3. How did the phishing scam actually work?

Scammers used Raccoon0365 to send fake emails, usually tax-related, that tricked users into entering their login details on fake Microsoft pages. The credentials were then used or sold.

4. How much damage did it cause?

The service targeted over 2,300 organizations and harvested at least 5,000 Microsoft credentials. It generated more than $100,000 in cryptocurrency for its operators.

5. Why should small businesses care?

Phishing scams don’t just target big companies. They often rely on everyday people making small mistakes, like clicking a link or entering a password. Small businesses are just as vulnerable.

6. What industries were affected?

At least 25 healthcare organizations were targeted, and five experienced confirmed breaches. But the scam wasn’t limited to healthcare—organisations across multiple sectors were affected.

7. What can I do to protect my business?

Start by training your team, enabling two-factor authentication, and avoiding confusing login prompts in your marketing. Most breaches start with a simple human error.

8. How is this connected to trust in marketing?

Scammers rely on brand trust to trick people. That’s why your own messaging needs to be clear, credible, and human. If your communication is confusing, you risk losing that same trust.

9. What does phishing have to do with marketing?

Everything. People are suspicious of what lands in their inbox. If your emails or pages look shady or unclear, even legit businesses get ignored. Trust is a marketing issue too.

10. Where can I get help with clear messaging?

The5-Minute Marketing Fix is a free tool that helps you write a one-liner that builds trust and cuts through confusion—so you don’t sound like a scammer by accident.