Malware Risk from Clicking Yelp!, Google Reviews, etc. Photos?

  • Thread starter kyphysics
  • Start date
  • #1
204
142
Often when there is a business that I want to get consumer reviews on, there will be a poster/reviewer who adds a photo to their comments.

For example, a person might show how an Amazon order came damaged. Or, a person on Yelp! or Google Reviews may post a photo of food they ate, etc.

The pics are thumbnail-sized and can be enlarged by clicking on them. Would this risk malware if they uploaded a pic file that was infected on their end? Or, do Google, Amazon, Yelp!, etc. scan and prevent such infected files from getting attached to comments? Thanks!!
 
  • Like
Likes symbolipoint

Answers and Replies

  • #2
12,219
5,914
Clicking on anything in a web page has that potential. I wouldn't trust that any web provider would scan and protect against it as hackers are quite devious.

As an example, popups are added to a webpage. The providers disable popups and so the hackers switch to pop behinds. That gets disabled via a timeout scheme and so the hackers wait x seconds before executing a popup command. The evolution continues.

Another was web users, could hover on a link a link to see where it went so clever web page developers masked the display so you'd see something else. The original link might flash for a moment and then get replaced with what the hacker wanted you to see.

As long as javascript is the language then you will have these issues. It's often why security folks suggest disabling javascript entirely in your browser.

There are plugins like Web-of-Trust that will warn you based on site history whether a given link is okay to jump to. If you go then its on you as to what may happen. But again its not fool proof, one needs a fool to prove it too.
 
  • Like
Likes kyphysics
  • #3
1,498
434
Decent security software should protect you from any risks on the inter-webs.
 
  • #4
symbolipoint
Homework Helper
Education Advisor
Gold Member
6,082
1,143
Decent security software should protect you from any risks on the inter-webs.
?


I am interested to know other members' comments on that.
 
  • #5
phinds
Science Advisor
Insights Author
Gold Member
2019 Award
16,538
6,902
I am interested to know other members' comments on that.
You can count on hackers to be one step ahead of the defender software, at least for brief spells. That's why anti-virus software issues updates to their databases so frequently.

SO ... if you want to be safe, never open a file (jpg or otherwise) on anything but a trusted site, and be SURE you really ARE on a trusted site.

Just as an example, you could be re-directed to a site that has " ... amazone.com ... " in the URL and is a spoof of Amazon.com. If you're careless and are fooled into thinking you ARE on Amazon.com, all bets are off.
 
  • Like
Likes jedishrfu
  • #6
204
142
Clicking on anything in a web page has that potential. I wouldn't trust that any web provider would scan and protect against it as hackers are quite devious.

As an example, popups are added to a webpage. The providers disable popups and so the hackers switch to pop behinds. That gets disabled via a timeout scheme and so the hackers wait x seconds before executing a popup command. The evolution continues.

Another was web users, could hover on a link a link to see where it went so clever web page developers masked the display so you'd see something else. The original link might flash for a moment and then get replaced with what the hacker wanted you to see.

As long as javascript is the language then you will have these issues. It's often why security folks suggest disabling javascript entirely in your browser.

There are plugins like Web-of-Trust that will warn you based on site history whether a given link is okay to jump to. If you go then its on you as to what may happen. But again its not fool proof, one needs a fool to prove it too.
I confess I have no idea what some of those are, but take it that you think even clicking on an Amazon.com photo (uploaded by a customer) or Google/Yelp! reviews photo (uploaded by reviewer/poster) could introduce malware?

Just to be clear, these are photos that are not linked to something external. Rather, they are just attached to the big name site's reviews. HYPOTHETICAL EX:

Google Review:
"Dr. x/y/z was fantastic. She was attentive to my needs, prescribed a/b/c to treat my concern, and 14 days later I'm all healed. See my before and after pics below."
[poster/reviewer posts pics on Google in her review]

The thing is, sometimes you have to click the photo to enlarge it. But, it'd still be viewed on Google...or Amazon...etc. and not linked to something external.
 
  • #7
204
142
You can count on hackers to be one step ahead of the defender software
I think I may have asked this off-handedly once, but why would such skilled individuals not just get a job in computer programming (vs. committing crime and risking jail)?!
 
  • #8
phinds
Science Advisor
Insights Author
Gold Member
2019 Award
16,538
6,902
I think I may have asked this off-handedly once, but why would such skilled individuals not just get a job in computer programming (vs. committing crime and risking jail)?!
Who says they DON'T have such a job? Except for state actors, hacking is not necessarily a full time job.
 
  • #10
12,219
5,914
I think the question is:

Is it really true that decent security will protect you on the internet?

And the answer is: enjoy the surfing but "trust no one".

Bad actors are always looking for that zero-day and trying new things in their attempt to evade and overcome the latest security schemes and there is no immediate protection.

One can only be vaccinated against known threats but not against new threats.
 
  • #11
1,498
434
To do a "Mrs Gray", I'd say if you're so overly concerned of malware/virus risks, don't use the Internet at all. plane @ simple
 
  • #12
phinds
Science Advisor
Insights Author
Gold Member
2019 Award
16,538
6,902
Decent security software should protect you from any risks on the inter-webs.
I admire your optimism, but not your grasp of the situation. How do you think Norton and other FIND OUT about new viruses?
 
  • #13
OCR
890
756
How do you think Norton and others FIND OUT about new viruses?

They ask the BEST, of course. . . . 🎯 . 🥇

1604011371469.png


They found your lost s too. . . . :cool:

.
 
  • #14
symbolipoint
Homework Helper
Education Advisor
Gold Member
6,082
1,143
What is your question?
IN the post. I wrote the question below the initial question mark. Quoted again here,
I am interested to know other members' comments on that.
 
  • #15
OCR
890
756
.
I am interested to know other members' comments on that.

Please reference post #13 . . . . :wink:

.
 
  • #16
1,498
434
IN the post. I wrote the question below the initial question mark. Quoted again here,
I wouldn't conclude what you wrote as a question; simply merely asking for opinions.

But besides that, I repeat: "To do a "Mrs Gray", I'd say if you're so overly concerned of malware/virus risks, don't use the Internet at all. plane @ simple"
 

Related Threads on Malware Risk from Clicking Yelp!, Google Reviews, etc. Photos?

  • Last Post
Replies
22
Views
3K
  • Last Post
Replies
3
Views
973
  • Last Post
Replies
3
Views
3K
  • Last Post
Replies
5
Views
9K
Replies
3
Views
713
Replies
1
Views
805
  • Last Post
Replies
4
Views
2K
Replies
1
Views
2K
  • Last Post
Replies
2
Views
5K
Top