Skip to main content
All CollectionsInboxConversationsHandling
Preview conversation links to check they’re safe to follow
Preview conversation links to check they’re safe to follow

How to check if URLs are safe and reduce risk of teammates clicking malicious links.

Andrea Nagel avatar
Written by Andrea Nagel
Updated this week

Checking conversation links

When you hover over URLs in the Inbox (e.g. inbound or outbound conversations and teammate notes), you will see a tooltip appear that gives a URL preview. This is especially helpful for hyperlinked text and images.

If you click on an untrusted link, you'll see a message pop up which says:

You're about to leave Intercom. 
[Domain name] isn't a trusted domain and may be unsafe. Make sure you review the link before opening it.

To reduce risk around clicking malicious links that may be hidden in conversations, we recommend you always take a moment to check the URL to confirm it is something you would expect to see and it seems safe.

This includes when:

  • Teammate sent links through any channel

  • Fin sent links

  • Bot/workflow sent links

  • Links in notes

  • Links in side conversations

  • Links in tickets comments

To read more about how to spot phishing attempts, we recommend reading this short guide from the Center for Internet Security (CIS).

Malicious links

Intercom scans incoming links for malicious content. If you click a malicious link from the Inbox, you will see a different message appear:

Potentially malicious site ahead.
Intercom has detected this link as malicious. Only proceed if you're confident it's safe. If you trust the site, consider adding the domain to your trusted list.

Similar to the untrusted link warning, this screen will allow you to continue to the potentially malicious site by clicking Open link.

Trusted domains

Links from trusted domains you've added to Intercom won’t trigger these link warnings.

The following domains can be allowlisted:

When manually listing domains, be aware that:

  • We don’t automatically validate domains, so any errors e.g. spelling mistakes won’t be proactively flagged.

  • We do automatically check to confirm the domain is in the right format.

  • Domains should be comma separated. Commas can be followed by a space or not; the list will work either way.

  • To mark all your subdomains as trusted, use an asterisk as a placeholder like this: *.example.com

Managing link warnings

Link warnings are active by default unless you have explicitly chosen to deactivate them.

By configuring your trusted domains, you can reduce how often your teammates see link warnings; only showing them on domains you don’t know and don’t trust.

However, you may still wish to deactivate link warnings, e.g. if you have your own security measures in place that reduce the risk of teammates clicking potentially malicious links.

Teammates with permission to manage Security settings can disable these warnings in the Attachments and Links section in Security settings. Only untrusted link warnings can be disabled - malicious link warnings cannot. When you disable untrusted link warnings you’ll see your name and the timestamp recorded in the Settings page and activity logs.


💡Tip

Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts


Did this answer your question?