Skip to main content

Monitor and Handle Gmail Mailbox for Phishing (Gmail) - Workflow Template

Monitor a Gmail inbox and scan each message for URL's and attachments to scan with VirusTotal. Label each message with the result.

Updated over a year ago

This Torq workflow template provides an automated solution for phishing detection and response within a Gmail inbox. The process is activated by an incoming webhook notification. It begins by setting up Gmail message notifications and extracting message details. Each message and its attachments are sent to VirusTotal for security scanning. Messages are then labeled in Gmail based on the scan results—safe messages are labeled as "Scanned," while those with detected threats are marked as "Malicious" or "Suspicious." This proactive approach supports cyber threat defense and bolsters email security protocols for businesses.

Take Me to the Template

Trigger

Webhook

Use Cases

Phishing

Workflow Breakdown

  1. Setup notifications of messages to a Gmail inbox via an incoming webhook

  2. Extract the message and lookup label ids

  3. Scan the message and attachments by sending to VirusTotal

  4. If no Malicious or Suspicious results are found, label message as Scanned

  5. If Malicious or Suspicious are found label the message

Vendors

GCP, Scripting, Utils, VirusTotal, HTTP, Gmail

Workflow Output

Update labels on each message that is scanned

Tips

Setup Push notifications with Gmail.","Documentation at https://developers.google.com/gmail/api/guides/push

Related Articles
Monitor and Handle Mailbox Folder for Phishing via IMAP - Workflow Template
Monitor an Outlook Mailbox for Phishing with Recorded Future - Workflow Template
Monitor an Outlook Mailbox for Phishing via Graph Subscription - Workflow Template
Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2 - Workflow Template
Monitor an Outlook Mailbox for Phishing with VirusTotal - Workflow Template
Did this answer your question?