LABEL POSSIBLE PHISHING ATTEMPTS IN GOOGLE EMAIL (Google App Script) [REQUIRES: Gmail API + Trigger Every 1 Hour]

autoLabelPhishingEmails.gs

function autoLabelEmails() {
  const labelRules = [{
      label: "POSSIBLE PHISHING ATTEMPT",
      subjectContains: [
        // Security & Account Alerts
        "Suspicious Login Attempt Detected", "Your Account Has Been Compromised!", "Unusual Activity on Your Account",
        "Security Alert: Immediate Action Required", "We Detected Unauthorized Access", "Your Password Has Expired – Reset Now",
        "Account Locked Due to Multiple Failed Login Attempts", "Confirm Your Identity to Continue Using Your Account",
        "Important Security Update Required", "Verify Your Account Before It's Disabled",
        // Banking & Financial Scams
        "Urgent: Your Bank Account is Restricted", "Payment Failed – Update Your Billing Information", "Your Credit Card Has Been Declined",
        "Unauthorized Transaction Detected on Your Account", "Final Notice: Your Loan Application Has Been Approved",
        "Your Bank Statement Is Ready to View", "Secure Your Account Now – Important Notice", "Suspicious Withdrawal Attempt – Please Confirm",
        "Verify Your Payment Details Immediately", "Action Required: Unusual Activity on Your Credit Card",
        // Fake Invoices & Payment Requests
        "Invoice #12345 Is Now Due – Pay Immediately", "Overdue Payment – Final Notice", "Payment Confirmation Needed",
        "Your Subscription Has Expired – Renew Now", "Billing Error – Update Your Payment Information", "Thank You for Your Purchase – View Receipt",
        "Your Order Has Been Placed! Click to Track", "Payment Request from [Impersonated Company]", "Important: Refund Processed – Confirm Your Details",
        "Your Direct Deposit Is Ready",
        // Work & HR-Based Phishing
        "Urgent: CEO Needs You to Purchase Gift Cards", "New Company Policy – Please Review", "HR: Your Salary Raise Is Approved!",
        "Payroll Update: Confirm Your Direct Deposit Details", "Action Required: Employee Benefits Enrollment", "Important HR Update – Please Sign Immediately",
        "Expense Report Submission Deadline Approaching", "Your Performance Review Is Available", "Workplace Security Policy Update",
        "Your Email Access Will Be Revoked – Verify Now",
        // IT & Tech Support Scams
        "Urgent: Your Password Will Expire in 24 Hours", "System Maintenance: Immediate Login Required", "Unusual Sign-In Detected – Change Your Password",
        "Microsoft Alert: Virus Detected on Your Device", "Google Account Access Revoked – Verify Immediately", "Warning: Unauthorized Access to Your Account",
        "IT Helpdesk: Immediate Action Required", "Your VPN Service Has Been Suspended", "Confirm Your Two-Factor Authentication (2FA) Setup",
        // Shipping & Package Scams
        "Your Package Could Not Be Delivered", "Tracking Update: Your Order Is On Hold", "FedEx: Your Delivery Has Been Delayed",
        "USPS: Action Required for Your Package", "Your Amazon Order Has Been Canceled", "Track Your Shipment – Click Here",
        "Important: Shipping Confirmation Required", "DHL: Your Shipment Is Waiting for Payment", "Customs Fee Required for Package Release",
        "Package Returned Due to Incorrect Address",
        // Fake Tax & Government Notices
        "IRS Notice: Immediate Payment Required", "Your Tax Refund Is Ready – Claim Now", "Social Security Benefits Suspended – Act Now",
        "Unpaid Taxes – Legal Action Pending", "Federal Student Loan Forgiveness Approved", "Verify Your Government Benefits Eligibility",
        "Your Passport Has Been Flagged for Review", "Jury Duty Summons – Confirm Your Availability", "Stimulus Payment Available – Confirm Your Details",
        "Your Driver’s License Renewal Notice",
      ]
    }
];

  let totalEmailsChecked = 0;
  let totalEmailsLabeled = 0;

  const threads = GmailApp.search("is:unread in:inbox"); // Get unread emails
  if (!threads.length) {
    console.log("No unread emails found.");
    return;
  }

  threads.forEach((thread) => {
    const messages = thread.getMessages();
    messages.forEach((message) => {
      totalEmailsChecked++;
      const sender = message.getFrom().toLowerCase();
      const subject = message.getSubject().toLowerCase();
      const body = message.getPlainBody().toLowerCase();

      labelRules.forEach((rule) => {
        if (
          (rule.sender && (
            Array.isArray(rule.sender) ?
            rule.sender.some(email => sender.includes(email.toLowerCase())) :
            sender.includes(rule.sender.toLowerCase())
          )) ||
          (rule.subjectContains && (
            Array.isArray(rule.subjectContains) ?
            rule.subjectContains.some(keyword => subject.includes(keyword.toLowerCase())) :
            subject.includes(rule.subjectContains.toLowerCase())
          )) ||
          (rule.contentContains && rule.contentContains.some((word) => body.includes(word.toLowerCase())))
        ) {
          applyLabel(thread, rule.label);
          totalEmailsLabeled++;
          console.log(`Labeled email from ${sender} with "${rule.label}"`);
        }
      });
    });
  });

  console.log(`\n[SUMMARY]`);
  console.log(`Total emails checked: ${totalEmailsChecked}`);
  console.log(`Total emails labeled: ${totalEmailsLabeled}`);
}

/**
 * Apply a label to a thread (creates label if it doesn't exist)
 */
function applyLabel(thread, labelName) {
  let label = GmailApp.getUserLabelByName(labelName);
  if (!label) {
    label = GmailApp.createLabel(labelName);
    console.log(`Created new label: ${labelName}`);
  }
  thread.addLabel(label);
}