The Torq workflow template "Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2" automates the scanning of emails in a Gmail mailbox for phishing threats. It labels unscanned messages, extracts URLs, attachments, and headers, and scans them using VirusTotal. If threats are detected, it updates the labels to indicate the nature of the threat (e.g., Malicious, Suspicious, Phishing) and sends a detailed report back to the email's sender. To improve efficiency, emails marked with a specific label (e.g., "Not-Scanned") are targeted. This template assists organizations in proactively detecting and handling potential phishing attacks in their email environment.
Use Cases
Phishing
Workflow Breakdown
Change label to Scan-Started on message when scan begins
Retrieve URLs, attachments and headers that are part of the message and scan with VirusTotal
Append the VirusTotal findings to the suspicious or malicious data that is returned to the user
Update the label on the message with the resulting verdict
Send a response email message to the originator of the message when the scan is complete
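The extraction and verdict steps above, sketched in Python as an added example; this is not Torq's template code. It assumes attachments are identified by SHA-256 hash and that per-item results arrive in the shape of VirusTotal's `last_analysis_stats` field; the thresholds, the "Clean" label and all sample values are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"')]+")
HEADERS = ("From", "Reply-To", "Return-Path", "Authentication-Results")

def build_sample() -> bytes:
    """Constructed test message; every value here is made up."""
    m = EmailMessage()
    m["From"] = "IT Desk <it@example.com>"
    m["Reply-To"] = "helpdesk@example.net"
    m["Subject"] = "Password expiry"
    m.set_content("Reset here: http://login.example.org/reset?id=1.")
    m.add_attachment(b"constructed attachment bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.bin")
    return m.as_bytes()

def extract_artifacts(raw: bytes) -> dict:
    """Collect the URLs, attachment hashes and headers that would be scanned."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            data = part.get_payload(decode=True) or b""
            # A SHA-256 digest lets a scanner look the file up by hash.
            attachments.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            urls.update(u.rstrip(".,;") for u in URL_RE.findall(part.get_content()))
    headers = {h: str(msg[h]) for h in HEADERS if msg[h]}
    return {"urls": sorted(urls), "attachments": attachments, "headers": headers}

def verdict_label(stats_list, malicious_min=1, suspicious_min=1) -> str:
    """Worst result across all scanned items decides the label (thresholds assumed)."""
    if any(s.get("malicious", 0) >= malicious_min for s in stats_list):
        return "Malicious"
    if any(s.get("suspicious", 0) >= suspicious_min for s in stats_list):
        return "Suspicious"
    return "Clean"  # hypothetical label; the page names no clean verdict

if __name__ == "__main__":
    print(extract_artifacts(build_sample()))
    # Constructed stats in the shape of VirusTotal's last_analysis_stats field.
    print(verdict_label([{"malicious": 0, "suspicious": 2, "harmless": 60}]))
```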
Vendors
Utils, VirusTotal, HTTP, Gmail
Workflow Output
Results of the email message scan, delivered by email, and a label update on the original message.
Tips
Set up a Gmail rule that labels specific messages with the label "Not-Scanned"