First, let's distinguish between the two. Spam is unsolicited, bulk commercial email designed to promote goods and/or services that may or may not be legitimate. Phishing email, and variants such as spear phishing, are designed to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and financial details by masquerading as a trustworthy entity. Examples of phishing messages and how to identify them are available here. OIT has phishing samples here and additional information here and here.
When these messages make their way into your GT inbox, they should be reported according to the methods below. These messages should not be responded to and links within these messages should not be followed. After reporting, the messages can be safely deleted.
These messages should be forwarded *as attachments* to firstname.lastname@example.org. OIT has guidance on how to forward a message as an attachment here.
These messages are more serious and may be difficult to identify. If you believe you've received a phishing message that hasn't recently been reported to the availability mailing list, please forward it immediately to email@example.com. If you're not on the availability mailing list, please sign up by following the instructions here.
Likewise, these messages should be forwarded *as attachments* to firstname.lastname@example.org. OIT has guidance on how to forward a message as an attachment here.