Skip to main content
All CollectionsTemplatesAdvanced
Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2 - Workflow Template
Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2 - Workflow Template

Scan messages in a Gmail mailbox with a specific label with VirusTotal for malicious URLs and files. Update label and send email on results

Updated over a week ago

The Torq workflow template "Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2" automates the scanning of emails in a Gmail mailbox for phishing threats. It labels unscanned messages, extracts URLs, attachments, and headers, and scans them using VirusTotal. If threats are detected, it updates the labels to indicate the nature of the threat (e.g., Malicious, Suspicious, Phishing) and sends a detailed report back to the email's sender. To improve efficiency, emails marked with a specific label (e.g., "Not-Scanned") are targeted. This template assists organizations in proactively detecting and handling potential phishing attacks in their email environment.

Use Cases

Phishing

Workflow Breakdown

  1. Change label to Scan-Started on message when scan begins

  2. Retrieve URLs, attachments and headers that are part of the message and scan with VirusTotal

  3. Use VirusTotal findings to append to the suspicious or malicious data to return to the user

  4. Update the label on the message with the resulting verdict

  5. Send an response email message to the originator of the message when the scan is complete

Vendors

Utils, VirusTotal, HTTP, Gmail

Workflow Output

Results of the email message scan via Email and label update on the original message.

Tips

Setup an GMail rule that labels specific messages with the label \"Not-Scanned\

Did this answer your question?