When we discover phishing emails or they are reported to us, we normally block further email from the sender to prevent delivery of more email from them.
We normally also block email (i.e. replies) TO the sender, so that no-one can reply to such emails (provided that no-one has already done so).
We also normally check to see if anyone has already replied, and in such cases, we disable their account temporarily to prevent the fraudsters accessing it.
If there is a web link in the phishing message, we will block access to the phishing website from on campus.
None of this can happen instantly, of course, and that is why you must also play your part in helping to keep your account secure.