My security team is worried about allowing customers to send us image files in messenger. Is this a valid concern? Is there a way to get malware through messenger? Is anyone here restricting your file uploads?
This is my third company that I've been at that uses intercom, and I've never heard this concern expressed before. So while I don't want to dismiss it, the documentation feels pretty clear about how safe this is. Plus, I need customers to be able to send us screenshots.
Thanks in advance.
Best answer by Paul Byrne
Hey
To reassure your security team: Intercom takes file upload security seriously, especially for images and attachments shared through the Messenger. When a customer sends a file (like a screenshot), Intercom scans it for potential threats and stores it securely. We restrict executable file types (like .exe, .bat, etc.) from being uploaded entirely, and known malware types are blocked automatically.
Images and common file types (like PNG, JPG, PDF) are allowed, but Intercom blocks potentially dangerous formats.
Uploaded files are scanned and served securely via Intercom’s CDN.
You can’t run or execute any uploaded file directly from Messenger they’re just attachments, not active content.
There’s no way for a customer to inject or execute malware via image uploads in Messenger.
Let me know if you'd like to explore restricting certain file types or setting up a workflow to review incoming files happy to help find the right balance between usability and security!
+7Hey
To reassure your security team: Intercom takes file upload security seriously, especially for images and attachments shared through the Messenger. When a customer sends a file (like a screenshot), Intercom scans it for potential threats and stores it securely. We restrict executable file types (like .exe, .bat, etc.) from being uploaded entirely, and known malware types are blocked automatically.
Images and common file types (like PNG, JPG, PDF) are allowed, but Intercom blocks potentially dangerous formats.
Uploaded files are scanned and served securely via Intercom’s CDN.
You can’t run or execute any uploaded file directly from Messenger they’re just attachments, not active content.
There’s no way for a customer to inject or execute malware via image uploads in Messenger.
Let me know if you'd like to explore restricting certain file types or setting up a workflow to review incoming files happy to help find the right balance between usability and security!
Yes, it’s understandable for your security team to be cautious, but Intercom does have measures in place to scan and sanitize file uploads, which makes it generally safe for customers to send images like screenshots. While no system is 100% risk-free, the chance of malware getting through via messenger is very low if you stick to common file types (like PNG, JPG, PDF). Some companies do restrict file uploads for extra security, but most allow images because they are essential for support. You could also consider setting limits on file size or types to balance safety with functionality.
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
