Phishing attacks represents one of the primary attack methods which is used by cyber attackers. In many cases, attackers use deceptive emails along with malicious attachments to trick users into giving away sensitive information or installing malware while compromising entire systems. The flexibility of malicious email attachments makes them stand out as a preferred vector for attackers as they can embed harmful content such as malware or malicious URLs inside standard document formats. Although phishing email defenses have improved a lot, attackers continue to abuse attachments, enabling malicious content to bypass security measures. Moreover, another challenge that researches face in training advance models, is lack of an unified and comprehensive dataset that covers the most prevalent data types. To address this gap, we generated CIC-Trap4Phish, a multi-format dataset containing both malicious and benign samples across five categories commonly used in phishing campaigns: Microsoft Word documents, Excel spreadsheets, PDF files, HTML pages, and QR code images. For the first four file types, a set of execution-free static feature pipeline was proposed, designed to capture structural, lexical, and metadata-based indicators without the need to open or execute files. Feature selection was performed using a combination of SHAP analysis and feature importance, yielding compact, discriminative feature subsets for each file type. The selected features were evaluated by using lightweight machine learning models, including Random Forest, XGBoost, and Decision Tree. All models demonstrate high detection accuracy across formats. For QR code-based phishing (quishing), two complementary methods were implemented: image-based detection by employing Convolutional Neural Networks (CNNs) and lexical analysis of decoded URLs using recent lightweight language models.

翻译：网络钓鱼攻击是网络攻击者使用的主要攻击手段之一。在许多情况下，攻击者利用欺骗性电子邮件及恶意附件，诱使用户泄露敏感信息或安装恶意软件，从而危及整个系统。恶意电子邮件附件因其灵活性而成为攻击者偏好的载体，它们能将恶意内容（如恶意软件或恶意URL）嵌入标准文档格式中。尽管钓鱼邮件防御技术已取得长足进步，但攻击者仍持续滥用附件，使恶意内容得以绕过安全措施。此外，研究人员在训练先进模型时面临的另一挑战是缺乏覆盖最流行数据类型的统一且全面的数据集。为弥补这一空白，我们构建了CIC-Trap4Phish——一个多格式数据集，包含网络钓鱼活动中常用的五类文件（Microsoft Word文档、Excel电子表格、PDF文件、HTML页面和二维码图像）的恶意与良性样本。针对前四类文件，我们提出了一套免执行的静态特征提取流程，旨在无需打开或执行文件的情况下，捕获基于结构、词法和元数据的特征指标。通过结合SHAP分析与特征重要性进行特征选择，为每种文件类型生成了紧凑且判别性强的特征子集。所选特征使用轻量级机器学习模型（包括随机森林、XGBoost和决策树）进行评估。所有模型在不同格式上均展现出高检测准确率。针对基于二维码的网络钓鱼（二维码钓鱼），我们实现了两种互补方法：采用卷积神经网络（CNN）进行基于图像的检测，以及使用近期轻量级语言模型对解码后的URL进行词法分析。