All Collections
Proactive Support
Best practices
Preview Help Desk links to check they’re safe to follow
Preview Help Desk links to check they’re safe to follow

How to check if URLs are safe and reduce risk of teammates clicking malicious links.

Andrea Nagel avatar
Written by Andrea Nagel
Updated over a week ago

Checking conversation links

When you hover over URLs in Help Desk (e.g. inbound or outbound conversations and teammate notes), you will see a tooltip appear that gives a URL preview. This is especially helpful for hyperlinked text and images.

If you click on an untrusted link, you'll see a message pop up which says:

You're about to leave Intercom. 
[Domain name] isn't a trusted domain and may be unsafe. Make sure you review the link before opening it.

To reduce risk around clicking malicious links that may be hidden in conversations on the Help Desk, we recommend you always take a moment to check the URL to confirm it is something you would expect to see and it seems safe.

This includes when:

  • Teammate sent links through any channel

  • Fin sent links

  • Bot/workflow sent links

  • Links in notes

  • Links in side conversations

  • Links in tickets comments

To read more about how to spot phishing attempts, we recommend reading this short guide from the Center for Internet Security (CIS).

Trusted domains

Links from trusted domains you've added to Intercom won’t trigger these link warnings.

The following domains can be allowlisted:

When manually listing domains, be aware that:

  • We don’t automatically validate domains, so any errors e.g. spelling mistakes won’t be proactively flagged.

  • We do automatically check to confirm the domain is in the right format.

  • Domains should be comma separated. Commas can be followed by a space or not; the list will work either way.

  • To mark all your subdomains as trusted, use an asterisk as a placeholder like this: *

Managing link warnings

Link warnings are active by default unless you have explicitly chosen to deactivate them.

By configuring your trusted domains, you can reduce how often your teammates see link warnings; only showing them on domains you don’t know and don’t trust.

However, you may still wish to deactivate link warnings, e.g. if you have your own security measures in place that reduce the risk of teammates clicking potentially malicious links.

Teammates with permission to manage Security settings can disable these warnings in the Attachments and Links section in Security settings. When you do that you’ll see your name and the timestamp recorded in the Settings page and activity logs.


Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts

Did this answer your question?