IS Forum
Forum Index Register Members List Events Search Today's Posts Mark Forums Read Help

Go Back   International Skeptics Forum » General Topics » Computers and the Internet
 


Welcome to the International Skeptics Forum, where we discuss skepticism, critical thinking, the paranormal and science in a friendly but lively way. You are currently viewing the forum as a guest, which means you are missing out on discussing matters that are of interest to you. Please consider registering so you can gain full use of the forum features and interact with other Members. Registration is simple, fast and free! Click here to register today.
Tags phishing

Reply
Old 6th May 2022, 12:23 PM   #1
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
A scam in seven stages

Mod InfoFor some reason this is causing a re-direct when we view it in the mod only section so having to nuke the content. I have saved a plain text copy of the contents if you want it. Worked out the problem - restored the original text.
Posted By:Darat


This morning I received an email purporting to be a communication from the Canada Revenue Agency. It turned out to be scam trying to gather credit card information. But it took a rather roundabout way of getting there ...


Stage 1: The email message

Quote:
From: Agence du Revenu du Canada / Canada Revenue Agency <centre@psycho-solutions.qc.ca>
To: blue_mountain@internationalskeptics.com

Date: 2022-05-06 3:01 A.M.

Bonjour blue_mountain@internationalskeptics.com

Nous vous invitons à prendre connaissance du document ci-joint et d’y donner suite s’il y a lieu.

Cliquez le lien suivant : canada.ca/agence-revenu/services/impot/particuliers/Doc/

Code d’accès Document : 031187

Pour tout renseignement additionnel, n’hésitez pas à communiquer avec nous.


AVIS DE CONFIDENTIALITÉ _
Ce message peut contenir de l’information légalement privilégiée ou confidentielle. Si vous n’êtes pas le destinataire ou croyez avoir reçu par erreur ce message, nous vous saurions gré d’en aviser l’émetteur et d’en détruire le contenu sans le communiquer à d’autres personnes ou le reproduire.

Vous ne souhaitez pas recevoir par messagerie électronique de l’information sur les produits et services, les nouveautés, les offres spéciales et les promotions de La Capitale? Retirez votre consentement

A red flag here: the greeting line uses the mail address. Actual correspondence from the CRA would use either “Cher Blue” or “Monsieur, Madame”. The URL is also subtly wrong; for the French version of the CRA the URL is www.canada.ca/fr/ ...

Partial translation:

Quote:
We invite you to read the attached document and follow up if necessary.

Click the following link: canada.ca/revenue-agency/services/tax/individuals/Doc/

Document access code: 031187

For any additional information, do not hesitate to contact us.

Stage 2: The PDF

The URL above actually pointed to https://t.co/ec0UVVXwZQ. It served up a PDF that required a password to open, said password being 031187. The text of the PDF was as follows:

Quote:
Notification d’impôts Remboursement

Après les derniers calculs annuels de l’exercice de votre activité, nous avons déterminé que vous êtes admissible à recevoir un remboursement d’impôt de 486,40 C Veuillez nous soumettre s’il vous plait la demande de remboursement d’impôt pour nous permettre de la traiter dans le plus bref délai (le délai de traitement est de 10 jours ouvrable)

Pour accéder au formulaire de votre remboursement d’impôt

J E C O N S U L T E L E S D É M A R C H E S A S U I V R E

Un remboursement peut être retardé pour diverses raisons. Par exemple la soumission de dossiers non valides ou inscriptions après une certaine limite.

Translation:

Quote:
Tax Notification Refund

After the final annual calculations for your business year, we have determined that you are eligible to receive a C486.40 tax refund. Please submit the tax refund request to us so we can to process it as soon as possible (the processing time is 10 working days.)

To access your tax refund form:

I CONSULT THE STEPS TO FOLLOW

A refund may be delayed for various reasons. For example submitting invalid records or registrations after a certain limit.

This is a huge red flag. The CRA doesn't need anyone to fill out a “tax refund form.” It automatically sends refunds once the return has been processed, via direct deposit if it has information on file, or by mailing a cheque to the address specified on the taxpayer's return.


Stage 3: The redirect

The link at “JE CONSULTE LES DÉMARCHES A SUIVRE” went to https://www.washtogo.ae/wp-content/DE.html.

That, in turn, consisted only of a <meta> tag:

Code:
<meta http-equiv="refresh" content="0;URL=https://pdf.name/canada/MyCra/">

Stage 4: The remarkably simple CAPTCHA

The page above redirected to https://pdf.name/canada/MyCra/confirmation.php, which asked for a CAPTCHA that was remarkably easy to read, and consisted of the text 031187 (the same as the password on the PDF.) The same number appeared regardless of the nummber of times the page was reloaded. At least it verified the input; entering anything other than 031187 returned an error.


Stage 5: The fake login page

It then redirected to the following URL:

Quote:
https://pdf.name/canada/MyCra/v1/A_information.php ?customer_LoginCMD=362 &session=2949842498498448554554
Trying with a differnt browser showed a different customer_LoginCMD but an identical session number. Playing around with those numbers didn’t seem to break anything.

Chromium recognized the page was in French and asked if I wanted it translated. Because I can puzzle out only about 30% of any given French text, I chose English. The page read:

Quote:
Access my Customer Area

Email Address: [__________________________________________________]

Password: * [__________________________________________________]

[_] Remember my email address

[Open Session]

© Canada, 1996-2022 All rights reserved. _
Legal | Terms and Conditions | Privacy
The three links at the bottom (Legal, Terms and Conditions, Privacy) all returned me to the above page. Not very sophisticated.

Needless to say, no matter what I used for an email address (aragorn@minas-tirith.gondor.me) or password (valaquenta) I was let in.


Stage 6: Credit card information

The login redirected to (spaces added for readability):

Quote:
https://pdf.name/canada/MyCra/v1/B_information.php ?enc=eac16c8cffa2436d0eb04e11ede2cc10 &p=0 &dispatch=1d35cc0886aa4ea87f6966f95160fbc9df193 f60 &session=eac16c8cffa2436d0eb04e11ede2cc10
Like the page in stage 5, I got the same page back regardless of any changes to the CGI values:

Quote:
[Logo] Safe & Secure

Refund Information

! You must add an account to receive your refund

All fields are mandatory.

Cards Accepted: [Image:VISA] [Image:MasterCard] [Image:American Excress]

Last name and first name: [Enter your full name]

Bank card number: [Enter your card number]

Expiration date: [Format: 05 / 23]

CVV / CVC: [***]

Phone number: [Enter your phone number]

[Submit]

© Canada, 1996-2022 All rights reserved. _
Legal | Terms and Conditions | Privacy
The page accepted without question any set of random numbers I put in for the credit card number, such as 4504 0000 0000 0000. That indicates the programmers didn’t attempt to validate the check digit, which is the final digit of the card number and is computationally dervied from the other 15. Nor did it catch the fact I entered an expiry date from last year.


Stage 7: The frustrating 3D Secure confirmation page

The credit card information page redirected to https://pdf.name/canada/MyCra/v1/D_information.php, with CGI parameters &name=, &email=, &card number=, &phone=, &bank= (the programming was advanced enough to, sometimes, figure out the name of the issuing bank from the card number.)

It displayed a facsimile of a 3D Secure verification page:

Quote:
3D Secure
Safety Online

Complete this authenticating by entering the confirmation code received on your phone or email.

Complétez cette authentification en entrant le code de confirmation reçu sur votre téléphone ou par e-mail.

Bank Name (if the processing was able to figure it out)

Name on card: [text passed in name=]

Card Number: [text passed in card_number=, all but last 4 X’d out]

Date & time: [from the server clock, GMT]

Phone: [text passed in phone=, all but last 4 *d out]

Verification Code / Code de vérification: [__________]
Of course, no matter the content entered for the Verification Code, the page always returned:
Error: The verification code you entered does not match our records. Please try again.

As a test, I gave a little-used email address I have at ProtonMail to see if the site was sophisticated enough to actually send a validation code, but never received a message.


Analysis: pretty good, but there are holes

The most glaring thing I saw the page that gathers credit card information performed only the most rudimentary checks on the entered information. It did check for empty fields, letters where there should have been numbers, and the length of the credit card number. But it didn't validate the check digit on the credit card, nor did it catch an expired card.

As of the time I created this thread all the links are still working. I encourage as many of you as possible to play with this and give them a boat load of bad information.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)

Last edited by Darat; 7th May 2022 at 08:21 AM.
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 6th May 2022, 12:34 PM   #2
Trebuchet
Penultimate Amazing
 
Trebuchet's Avatar
 
Join Date: Nov 2003
Location: Port Townsend, Washington
Posts: 34,734
You are bolder than I.
I wouldn't have clicked the pdf.
__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.
Trebuchet is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 7th May 2022, 01:22 AM   #3
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
Originally Posted by Trebuchet View Post
You are bolder than I.
I wouldn't have clicked the pdf.
It's an advantage I have running Linux and possessing a thorough understanding of how the operating system works. If I'm really paranoid I can set up a virtual machine and work inside that. Even if there's any malware in the PDF that could attack a Linux OS, likely the worst it would do is infect the VM. The danger would be short lived because I'd destroy the VM after checking things out.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 7th May 2022, 07:04 AM   #4
Darat
Lackey
Administrator
 
Darat's Avatar
 
Join Date: Aug 2001
Location: South East, UK
Posts: 104,611
Mod InfoI'm going to have to nuke your opening post - really sorry but it is causing a redirect in the mod section when we try and view it.
Posted By:Darat
__________________
I wish I knew how to quit you
Darat is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th May 2022, 03:22 PM   #5
Skeptical Greg
Agave Wine Connoisseur
 
Skeptical Greg's Avatar
 
Join Date: Jul 2002
Location: Just past ' Resume Speed ' .
Posts: 18,254
I get this sort of thing all the time..

The last one looked like a real Wells Fargo security check.. The only problem is, I don't have a Wells Fargo account of any kind.

Sometimes I click through them and provide a lot of BS information.
__________________
‘Trust in Allah but tie up your camel.’

Last edited by Skeptical Greg; 9th May 2022 at 03:26 PM.
Skeptical Greg is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th May 2022, 06:36 PM   #6
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
Originally Posted by Skeptical Greg View Post
I get this sort of thing all the time..

The last one looked like a real Wells Fargo security check.. The only problem is, I don't have a Wells Fargo account of any kind.

Sometimes I click through them and provide a lot of BS information.
This particular scam got a lot of BS information from me because I was probing the system to see how it worked.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th May 2022, 06:53 PM   #7
marting
Illuminator
 
marting's Avatar
 
Join Date: Sep 2003
Posts: 3,436
Many years ago I got a phishing email from my broker who's email had been hacked. It had my name, not just email so I was curious. Set up a VM and followed the links. First was to Turkey which then went to a Russian site where they tried to collect credit card info.

Fun times.

I alerted my broker and changed brokerages.
__________________
Flying's easy. Walking on water, now that's cool.
marting is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th May 2022, 07:53 PM   #8
psionl0
Skeptical about skeptics
 
psionl0's Avatar
 
Join Date: Sep 2010
Location: 31°57'S 115°57'E
Posts: 19,443
Originally Posted by Blue Mountain View Post
Stage 1: The email message
Quote:
From: Agence du Revenu du Canada / Canada Revenue Agency <centre@psycho-solutions.qc.ca>
Just that line alone screams DELETE THIS EMAIL!!!!!

No government web site would be hosted on "psycho-solutions".
__________________
"The process by which banks create money is so simple that the mind is repelled. Where something so important is involved, a deeper mystery seems only decent." - Galbraith, 1975
psionl0 is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 04:12 AM   #9
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
Originally Posted by psionl0 View Post
Just that line alone screams DELETE THIS EMAIL!!!!!

No government web site would be hosted on "psycho-solutions".
Indeed. The distressing thing is most email clients out there actively hide critical information like this, so all one sees is the sender's name and not the email address.

Mind you, it's trivially easy to show an equally fake "from" email address and hide the address where replies will be sent in a "Reply-To:" header.

Worse is when email clients make it difficult to view all the headers. I use Thunderbird, and all I need to do is press Ctrl-U to the view complete header list.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 05:08 AM   #10
Lothian
should be banned
 
Lothian's Avatar
 
Join Date: Apr 2002
Location: Earth, specifically the crusty bit on the outside
Posts: 17,697
Originally Posted by psionl0 View Post
Just that line alone screams DELETE THIS EMAIL!!!!!

No government web site would be hosted on "psycho-solutions".
Most Government employees that I know do belong in a psycho solutions environment
Lothian is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 08:13 AM   #11
Gord_in_Toronto
Penultimate Amazing
 
Gord_in_Toronto's Avatar
 
Join Date: Jul 2006
Posts: 22,927
Originally Posted by Lothian View Post
Most Government employees that I know do belong in a psycho solutions environment
The scammers are using a legitimate domain of a real company in Quebec.
__________________
"Reality is what's left when you cease to believe." Philip K. Dick
Gord_in_Toronto is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 09:02 AM   #12
psionl0
Skeptical about skeptics
 
psionl0's Avatar
 
Join Date: Sep 2010
Location: 31°57'S 115°57'E
Posts: 19,443
Originally Posted by Blue Mountain View Post
Indeed. The distressing thing is most email clients out there actively hide critical information like this, so all one sees is the sender's name and not the email address.

Mind you, it's trivially easy to show an equally fake "from" email address and hide the address where replies will be sent in a "Reply-To:" header.

Worse is when email clients make it difficult to view all the headers. I use Thunderbird, and all I need to do is press Ctrl-U to the view complete header list.
I get phishing emails all the time and the vast majority don't even try to look authentic. I guess that they get enough hits from suckers to make the extra effort superfluous.

Even if they manage to look authentic, hovering over the link usually gives the game away. And remember, your banker/taxman/etc will not provide a link in the email for you to click. You are supposed to log in to their website in the usual way.
__________________
"The process by which banks create money is so simple that the mind is repelled. Where something so important is involved, a deeper mystery seems only decent." - Galbraith, 1975
psionl0 is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 04:57 PM   #13
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
Originally Posted by psionl0 View Post
I get phishing emails all the time and the vast majority don't even try to look authentic. I guess that they get enough hits from suckers to make the extra effort superfluous.

Even if they manage to look authentic, hovering over the link usually gives the game away. And remember, your banker/taxman/etc will not provide a link in the email for you to click. You are supposed to log in to their website in the usual way.
With more and more people reading email on smartphones and tablets, I'm not sure even this option is available. However, on these devices I believe a long press on a link will pop up a dialogue showing the actual URL. But how many people know that's possible, and how many can tell a good URL from an obviously fake one?

Also, banks and government institutions are trying to educate people about how they send emails, and not providing links in them. But often these messages are on their web sites, in areas that many may not visit often.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 10th May 2022, 08:29 PM   #14
bigred
Penultimate Amazing
 
bigred's Avatar
 
Join Date: Jan 2005
Location: USA
Posts: 19,432
Email scams always remind me fondly of the ebola monkey man. So sad his site is gone.

I never bother opening emails which I'm not expecting, they are all treated as spam. Similarly I never answer phone calls from an unknown number.
bigred is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 11th May 2022, 12:56 AM   #15
Blue Mountain
Resident Skeptical Hobbit
 
Blue Mountain's Avatar
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 7,103
And they're back! This time it's for a parcel Canada Post wants to deliver. Very much same spiel, including a link to a PDF in the email, except this time it isn't encrypted. The correspondence is in English this time, but it's a bit broken; it looks strongly like it was Google-translated from French to English.

Originally Posted by Scammer's PDF
We will deliver your parcel

Your package N°20*****489 will not be delivered today.





Your package cannot be delivered today due to an exceptional situation beyond our control or because access to the delivery address is impossible.
The information at our disposal did not allow us to ensure delivery.



The information at our disposal did not allow us to ensure delivery.

To organize the second presentation,




Track this parcel

Shipment details

Service type: Expedited Parcels
Reference number: 4006318549534132
© Post Corporation

LOL! The linked-to page is headed Authentification, which is apparently common in Europe and and India, but is practically unheard of in North America. It's supposed to be a CAPTCHA, and uses the same super-easy-to-read sequence 031187 as the previous round. Although it's formatted to look like a Google ReCAPTCHA, it looks like a CAPTCHA from ten or fifteen years ago.

The "Profile Information" page didn't ensure the user checked the "I have read and agree with the Canada Post Terms and Conditions" box.

They still want full credit card information because apparently having the shipper pay all the costs for sending a package through the mail isn't enough for Canada Post; they still need $2.99 for an unspecified reason.

Two additional anomalies: The page that asks for credit card information has the heading Complet Your Profile," and the name and address information asks for a "Zip Code." We don's use ZIP codes in Canada. The page did, however, supply a hint in the correct format A1A 1A1.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)

Last edited by Blue Mountain; 11th May 2022 at 12:59 AM.
Blue Mountain is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 11th May 2022, 06:28 AM   #16
Gord_in_Toronto
Penultimate Amazing
 
Gord_in_Toronto's Avatar
 
Join Date: Jul 2006
Posts: 22,927
Originally Posted by Blue Mountain View Post
And they're back! This time it's for a parcel Canada Post wants to deliver. Very much same spiel, including a link to a PDF in the email, except this time it isn't encrypted. The correspondence is in English this time, but it's a bit broken; it looks strongly like it was Google-translated from French to English.




LOL! The linked-to page is headed Authentification, which is apparently common in Europe and and India, but is practically unheard of in North America. It's supposed to be a CAPTCHA, and uses the same super-easy-to-read sequence 031187 as the previous round. Although it's formatted to look like a Google ReCAPTCHA, it looks like a CAPTCHA from ten or fifteen years ago.

The "Profile Information" page didn't ensure the user checked the "I have read and agree with the Canada Post Terms and Conditions" box.

They still want full credit card information because apparently having the shipper pay all the costs for sending a package through the mail isn't enough for Canada Post; they still need $2.99 for an unspecified reason.

Two additional anomalies: The page that asks for credit card information has the heading Complet Your Profile," and the name and address information asks for a "Zip Code." We don's use ZIP codes in Canada. The page did, however, supply a hint in the correct format A1A 1A1.
I stared at a similar one (in French) for a time. As it did not have my home address I knew immediately that it was a spoof -- I mean, if they are trying to deliver it, they should know where it is supposed to be going to. The sender address was something like the Canada Post addy but had reversed "canada" and "post".

I never open my email in HTML; always in text first.
__________________
"Reality is what's left when you cease to believe." Philip K. Dick
Gord_in_Toronto is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 15th May 2022, 12:26 AM   #17
Lukraak_Sisser
Illuminator
 
Join Date: Aug 2009
Posts: 4,676
When I was working a job with more downtime I used to keep track of the spam messages I got, it was fun to see them drop whenever a botnet was taken down.

Nowadays most spam I get contains 20+ emoticons in the message header or informs me of the vast amounts of Bitcoin I'm supposed to have. A bit bland really.
Lukraak_Sisser is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 20th May 2022, 06:32 PM   #18
novaphile
Quester of Doglets
 
novaphile's Avatar
 
Join Date: Dec 2009
Location: Sunny South Australia
Posts: 3,492
Very interesting.

I don't think I ever see spam emoticons anywhere, so it's likely that my ISP (and employer) are doing a lot of work to stop that stuff from getting to me.

I do get a lot of spam in Spanish that mentions 'ERP Industria' in the title or body.

I suspect that this is because ERP appears somewhere in my LinkedIn profile...
__________________
We would be better, and braver, to engage in enquiry, rather than indulge in the idle fancy, that we already know -- Plato.
novaphile is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Reply

International Skeptics Forum » General Topics » Computers and the Internet

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 05:56 PM.
Powered by vBulletin. Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.

This forum began as part of the James Randi Education Foundation (JREF). However, the forum now exists as
an independent entity with no affiliation with or endorsement by the JREF, including the section in reference to "JREF" topics.

Disclaimer: Messages posted in the Forum are solely the opinion of their authors.