When a user reports a phishing email create a ticket in the linked PSA with the suspect message attached, header details in the body of the ticket and the contact set as the reporting user.