🤖 AI Summary
Phishing emails exhibit strong coupling between semantic deception in email text and maliciousness in URL structure, rendering conventional unimodal detection methods ineffective against evolving attacks. To address this, we propose a dual-path collaborative detection framework: one path employs fine-tuned DistilBERT to model semantic features of email text; the other leverages character-level TF-IDF representations combined with a Random Forest classifier to capture structural patterns in URLs. This design enables complementary fusion of semantic and structural information while supporting modular deployment—balancing detection accuracy, inference efficiency, and scalability. Experimental results demonstrate that joint decision-making across both paths significantly improves overall classification accuracy. DistilBERT achieves high efficiency and precision on textual features, whereas Random Forest outperforms alternative models on URL structural features. The framework exhibits strong practical deployability and generalization capability across diverse phishing scenarios.
📝 Abstract
Phishing emails pose a persistent and increasingly sophisticated threat, undermining email security through deceptive tactics designed to exploit both semantic and structural vulnerabilities. Traditional detection methods, often based on isolated analysis of email content or embedded URLs, fail to comprehensively address these evolving attacks. In this paper, we propose a dual-path phishing detection framework that integrates transformer-based natural language processing (NLP) with classical machine learning to jointly analyze email text and embedded URLs. Our approach leverages the complementary strengths of semantic analysis using fine-tuned transformer architectures (e.g., DistilBERT) and structural link analysis via character-level TF-IDF vectorization paired with classical classifiers (e.g., Random Forest). Empirical evaluation on representative email and URL datasets demonstrates that this combined approach significantly improves detection accuracy. Specifically, the DistilBERT model achieves a near-optimal balance between accuracy and computational efficiency for textual phishing detection, while Random Forest notably outperforms other classical classifiers in identifying malicious URLs. The modular design allows flexibility for standalone deployment or ensemble integration, facilitating real-world adoption. Collectively, our results highlight the efficacy and practical value of this dual-path approach, establishing a scalable, accurate, and interpretable solution capable of enhancing email security against contemporary phishing threats.
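The URL path and the modular standalone-or-ensemble design described above can be sketched as follows. This is an added example, not the paper's code: it assumes scikit-learn, and the n-gram range, tree count, fusion rule, threshold and sample URLs are all constructed for illustration, with the DistilBERT path represented only by a score passed in by the caller.

```python
from sklearn.ensemble import RandomForestClassifier
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.pipeline import make_pipeline

# Constructed sample URLs on reserved names; label 1 = phishing, 0 = benign.
TRAIN_URLS = [
    ("http://paypa1-secure-login.example/verify/account?id=83921", 1),
    ("http://192.0.2.44/bank/login.php?session=a8f3&redirect=1", 1),
    ("http://account-update.secure-mail.test/signin/confirm.html", 1),
    ("http://login.webmail.example.verify-user.test/reset?token=zz91", 1),
    ("https://www.example.org/docs/getting-started", 0),
    ("https://news.example.com/2024/05/weather-report", 0),
    ("https://shop.example.net/products/blue-mug", 0),
    ("https://intranet.example.org/wiki/team-calendar", 0),
]

def build_url_model(samples, seed=0):
    """URL path: character n-gram TF-IDF feeding a Random Forest."""
    urls, labels = zip(*samples)
    model = make_pipeline(
        # n-gram range and tree count are assumed hyperparameters
        TfidfVectorizer(analyzer="char", ngram_range=(2, 4)),
        RandomForestClassifier(n_estimators=200, random_state=seed),
    )
    return model.fit(list(urls), list(labels))

def url_score(model, url):
    """Phishing probability for one URL (column 1 = class label 1)."""
    return float(model.predict_proba([url])[0][1])

def fuse(text_score, url_scores, w_text=0.5):
    """Assumed late-fusion rule: weighted mean of the text-path score and the
    highest URL score. Either path alone is used when the other is absent."""
    if text_score is None and not url_scores:
        raise ValueError("need a text score or at least one URL")
    if not url_scores:
        return text_score
    worst = max(url_scores)
    return worst if text_score is None else w_text * text_score + (1 - w_text) * worst

def classify_email(model, text_score, urls, threshold=0.5):
    """text_score stands in for the DistilBERT path's output (None = not run)."""
    combined = fuse(text_score, [url_score(model, u) for u in urls])
    return combined, combined >= threshold
```

Taking the highest URL score means one suspicious link among several benign ones still raises the combined score; a real deployment would calibrate the weight and threshold on held-out mail.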