Keith Novak

Holiday Steam Scam – “Breathcup”

Breathcup.com appears to be a scam site meant to steal Steam account credentials. It is masquerading as an e-gaming competition site encouraging users to log in using their Steam credentials to take part in, and vote on, e-sports competitions and teams.

I had an acquaintance on my Steam friends list message this to me, asking to ‘vote for a friend’ in an e-gaming competition. Fair enough – I clicked the link, but something felt off.  There are broken links on the site, and the “FAQ” page has elements that don’t expand (I’m assuming a broken <div> element or something). When something smells fishy, I’ll look at it a little closer.

Google

My first inclination is to see if anyone else has used this site before. If there are results on Google or Reddit, it can probably be trusted more than just some random website, right? Well, unfortunately the Google results were thin:

Google search results for breathcup E-gaming. Unfortunately there are no good results for this query.

The results for “breathcup reddit” were equally few and far between.

 

Whois

My next stop was to investigate the domain registration details. You can see here that there is a huge, gaping red flag staring us right in the face: the domain was registered today – the same day I’m writing this article, December 10th, 2022. 

Important whois dates showing this domain was registered today

Another thing that struck me on the Whois page was the registrant contact information. It’s not unusual on it’s own, but I plugged some of the details into Google and did not get convincing results. For one, the street address listed is fake – no hits on Google maps, for example. There were also thin results for the registrant name and email. You’d think someone running an up and coming e-gaming site would have a better web presence… right? [Note – I did not redact any of the info because it is all publicly available as part of the Whois query]

Whois registrant information, but it seems fake!

Wrap Up

I told my acquaintance, who I do not think was trying to scam me per se, to change his Steam password immediately. I tried to write this up quickly to capitalize on the bad SEO that is available right now for “breathcup” in the event other security-minded individuals are doing due diligence on this site. Stay clear!

Sign in with Steam - but Breathcup is not affiliated with Steam or Valve.

 

 

,
, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *