Malware Risk from Clicking Yelp, Google Reviews, etc. Photos?

  • Thread starter Thread starter kyphysics
  • Start date Start date
  • Tags Tags
    Google Photos
Click For Summary

Discussion Overview

The discussion revolves around the potential risks of malware associated with clicking on photos attached to consumer reviews on platforms like Yelp and Google Reviews. Participants explore whether these images could be infected and the effectiveness of security measures employed by these platforms.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • One participant questions if clicking on photos in reviews could risk malware infection, suggesting that the platforms may or may not adequately scan for such threats.
  • Another participant argues that any click on a webpage carries potential risks and expresses skepticism about the effectiveness of web providers in preventing malware.
  • Some participants emphasize the importance of using decent security software to mitigate risks, while others caution that hackers often stay ahead of such defenses.
  • There is a discussion about the nature of hackers, with one participant questioning why skilled individuals do not pursue legitimate programming jobs instead of hacking.
  • A participant suggests that if someone is overly concerned about malware risks, they might consider avoiding the Internet altogether.
  • Several participants express the view that while security software can protect against known threats, it cannot guarantee safety against new or evolving threats.

Areas of Agreement / Disagreement

Participants do not reach a consensus on the effectiveness of security measures against malware risks from clicking on images in reviews. There are multiple competing views regarding the reliability of security software and the inherent risks of online interactions.

Contextual Notes

Participants highlight the limitations of current security measures and the evolving tactics of hackers, indicating that the discussion is influenced by varying levels of trust in technology and security practices.

Who May Find This Useful

This discussion may be of interest to individuals concerned about online security, those who frequently engage with consumer review platforms, and users seeking to understand the risks associated with clicking on web content.

kyphysics
Messages
686
Reaction score
446
Often when there is a business that I want to get consumer reviews on, there will be a poster/reviewer who adds a photo to their comments.

For example, a person might show how an Amazon order came damaged. Or, a person on Yelp! or Google Reviews may post a photo of food they ate, etc.

The pics are thumbnail-sized and can be enlarged by clicking on them. Would this risk malware if they uploaded a pic file that was infected on their end? Or, do Google, Amazon, Yelp!, etc. scan and prevent such infected files from getting attached to comments? Thanks!
 
  • Like
Likes   Reactions: symbolipoint
Computer science news on Phys.org
Clicking on anything in a web page has that potential. I wouldn't trust that any web provider would scan and protect against it as hackers are quite devious.

As an example, popups are added to a webpage. The providers disable popups and so the hackers switch to pop behinds. That gets disabled via a timeout scheme and so the hackers wait x seconds before executing a popup command. The evolution continues.

Another was web users, could hover on a link a link to see where it went so clever web page developers masked the display so you'd see something else. The original link might flash for a moment and then get replaced with what the hacker wanted you to see.

As long as javascript is the language then you will have these issues. It's often why security folks suggest disabling javascript entirely in your browser.

There are plugins like Web-of-Trust that will warn you based on site history whether a given link is okay to jump to. If you go then its on you as to what may happen. But again its not fool proof, one needs a fool to prove it too.
 
  • Like
Likes   Reactions: kyphysics
Decent security software should protect you from any risks on the inter-webs.
 
StevieTNZ said:
Decent security software should protect you from any risks on the inter-webs.
?I am interested to know other members' comments on that.
 
symbolipoint said:
I am interested to know other members' comments on that.
You can count on hackers to be one step ahead of the defender software, at least for brief spells. That's why anti-virus software issues updates to their databases so frequently.

SO ... if you want to be safe, never open a file (jpg or otherwise) on anything but a trusted site, and be SURE you really ARE on a trusted site.

Just as an example, you could be re-directed to a site that has " ... amazone.com ... " in the URL and is a spoof of Amazon.com. If you're careless and are fooled into thinking you ARE on Amazon.com, all bets are off.
 
  • Like
Likes   Reactions: jedishrfu
jedishrfu said:
Clicking on anything in a web page has that potential. I wouldn't trust that any web provider would scan and protect against it as hackers are quite devious.

As an example, popups are added to a webpage. The providers disable popups and so the hackers switch to pop behinds. That gets disabled via a timeout scheme and so the hackers wait x seconds before executing a popup command. The evolution continues.

Another was web users, could hover on a link a link to see where it went so clever web page developers masked the display so you'd see something else. The original link might flash for a moment and then get replaced with what the hacker wanted you to see.

As long as javascript is the language then you will have these issues. It's often why security folks suggest disabling javascript entirely in your browser.

There are plugins like Web-of-Trust that will warn you based on site history whether a given link is okay to jump to. If you go then its on you as to what may happen. But again its not fool proof, one needs a fool to prove it too.
I confess I have no idea what some of those are, but take it that you think even clicking on an Amazon.com photo (uploaded by a customer) or Google/Yelp! reviews photo (uploaded by reviewer/poster) could introduce malware?

Just to be clear, these are photos that are not linked to something external. Rather, they are just attached to the big name site's reviews. HYPOTHETICAL EX:

Google Review:
"Dr. x/y/z was fantastic. She was attentive to my needs, prescribed a/b/c to treat my concern, and 14 days later I'm all healed. See my before and after pics below."
[poster/reviewer posts pics on Google in her review]

The thing is, sometimes you have to click the photo to enlarge it. But, it'd still be viewed on Google...or Amazon...etc. and not linked to something external.
 
phinds said:
You can count on hackers to be one step ahead of the defender software
I think I may have asked this off-handedly once, but why would such skilled individuals not just get a job in computer programming (vs. committing crime and risking jail)?!
 
kyphysics said:
I think I may have asked this off-handedly once, but why would such skilled individuals not just get a job in computer programming (vs. committing crime and risking jail)?!
Who says they DON'T have such a job? Except for state actors, hacking is not necessarily a full time job.
 
symbolipoint said:
?
What is your question?
 
  • #10
I think the question is:

Is it really true that decent security will protect you on the internet?

And the answer is: enjoy the surfing but "trust no one".

Bad actors are always looking for that zero-day and trying new things in their attempt to evade and overcome the latest security schemes and there is no immediate protection.

One can only be vaccinated against known threats but not against new threats.
 
  • #11
To do a "Mrs Gray", I'd say if you're so overly concerned of malware/virus risks, don't use the Internet at all. plane @ simple
 
  • #12
StevieTNZ said:
Decent security software should protect you from any risks on the inter-webs.
I admire your optimism, but not your grasp of the situation. How do you think Norton and other FIND OUT about new viruses?
 
  • #13
phinds said:
How do you think Norton and others FIND OUT about new viruses?
They ask the BEST, of course. . . . 🎯 . 🥇

1604011371469.png


They found your lost s too. . . . :cool:

.
 
  • #14
StevieTNZ said:
What is your question?
IN the post. I wrote the question below the initial question mark. Quoted again here,
I am interested to know other members' comments on that.
 
  • #15
.
I am interested to know other members' comments on that.
Please reference post #13 . . . . :wink:

.
 
  • #16
symbolipoint said:
IN the post. I wrote the question below the initial question mark. Quoted again here,
I wouldn't conclude what you wrote as a question; simply merely asking for opinions.

But besides that, I repeat: "To do a "Mrs Gray", I'd say if you're so overly concerned of malware/virus risks, don't use the Internet at all. plane @ simple"
 

Similar threads

  • Sticky
Physics Forums Global Guidelines
  • · Replies 2 ·
Replies
2
Views
506K