One important thing is to report the phishing attempt, both to the hosting providers involved and to the mail service used to send the emails.