Forward the phishing email "as an attachment" to email@example.com and then DELETE the message from your Inbox.
Regularly check your banking and credit card accounts for any unauthorized transactions that may have been initiated by the phishers.
DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
DO NOT click a link in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
DO NOT use the same password for your University account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt the thieves will try the compromised password in as many places as they can.
DO change ALL of your passwords if you suspect any account you have access to may be compromised.
DO be equally cautious when reading email on your phone. It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.