If (when) you receive what you think might be a phishing email, forward it to the organization it apprears to be from. On that group's real website will be a section on "your security" or "how to avoid scams" with an address to which bogus emails should be sent. it's usually something like "abuse@ " or "scams@ "

One of three things will happen:
- nothing (ie, you'll never hear from either of them again, but you've avoided being scammed)
- confirmation (ie, you'll get an email from the real organization thanking you for sending them (usually a form letter, but hey, it's something)
- refutation. I once got a reply email with a follow-up phone call from the organization trying to convince me that the original email was actually legitimate. maybe I'm paranoid...

Glen