Skip to main content
All CollectionsTemplatesAdvanced
Monitor and Handle Gmail Mailbox for Phishing (Gmail) - Workflow Template
Monitor and Handle Gmail Mailbox for Phishing (Gmail) - Workflow Template

Monitor a Gmail inbox and scan each message for URL's and attachments to scan with VirusTotal. Label each message with the result.

Updated over 7 months ago

This Torq workflow template provides an automated solution for phishing detection and response within a Gmail inbox. The process is activated by an incoming webhook notification. It begins by setting up Gmail message notifications and extracting message details. Each message and its attachments are sent to VirusTotal for security scanning. Messages are then labeled in Gmail based on the scan results—safe messages are labeled as "Scanned," while those with detected threats are marked as "Malicious" or "Suspicious." This proactive approach supports cyber threat defense and bolsters email security protocols for businesses.

Trigger

Webhook

Use Cases

Phishing

Workflow Breakdown

  1. Setup notifications of messages to a Gmail inbox via an incoming webhook

  2. Extract the message and lookup label ids

  3. Scan the message and attachments by sending to VirusTotal

  4. If no Malicious or Suspicious results are found, label message as Scanned

  5. If Malicious or Suspicious are found label the message

Vendors

GCP, Scripting, Utils, VirusTotal, HTTP, Gmail

Workflow Output

Update labels on each message that is scanned

Tips

Setup Push notifications with Gmail.","Documentation at https://developers.google.com/gmail/api/guides/push

Did this answer your question?