Prevent phishing emails with GPT-4, VirusTotal, Slack, and Google Sheets

This n8n workflow automates real-time phishing detection by ingesting incoming emails, extracting indicators, analyzing content with AI (GPT-4), calculating risk scores, and taking immediate action—quarantining malicious emails, flagging suspicious ones, alerting users and SOC, and logging everything for compliance and forensics. It prevents phishing attacks at the point of delivery with zero-touch automation.

How it works

1. Webhook receives email
2. Extract URLs, domains, keywords
3. VirusTotal + GPT-4 analysis
4. Risk score routing
5. Quarantine / Flag / Allow
6. Slack SOC alert + audit log

Risk Levels

🔴 HIGH (75–100) → Quarantine
🟡 MEDIUM (40–74) → Flag + warn
🟢 LOW (0–39) → Allow + log

Credentials

• OpenAI API (GPT-4o)
• VirusTotal API
• Slack Webhook
• Google Sheets
• SMTP Email

Placeholders to Replace

• YOUR_OPENAI_CREDENTIAL_ID
• YOUR_VIRUSTOTAL_API_KEY
• YOUR_SLACK_WEBHOOK_PATH
• YOUR_GOOGLE_SHEET_ID
• YOUR_EMAIL_GATEWAY_TOKEN

Explore More AI-Powered Email Security:
Contact us to deploy zero-trust email gateways, automated BEC response, and insider threat detection using n8n + LLMs.