If you receive an email messsage that you suspect is a phishing attempt, you can report it to Sophos by following their instructions at https://community.sophos.com/kb/en-us/23113.
You can also alert the Help Desk, in case the University is being targeted by a phishing attack. Remember, the University of Toronto will never ask for your password via email. If you receive a suspicious email containing a link requesting your UTORid and password, forward the message to email@example.com.
For more details about phishing emails, see our article about avoiding email fraud.