Phishing emails are designed to trick users into clicking a link or opening an attachment that looks trusted (or appears to come from a trusted sender) but in fact have a very untrustworthy goal. These emails and any associated documents or web pages have been specifically created to get you to give up key personal information that will enable the perpetrator to steal your identity, your money, or both.
If you believe an email you've received is a phishing attempt, Rule #1 is NEVER click on links or attachments. If the email looks like it has come from somewhere familiar, like your bank or the HSU helpdesk, CALL the sender (using an official number, not a number that may have been provided in the email) to check on the authenticity of the email.
If the message fails these checks, it is recommended that you report the message as a phishing attempt to the Gmail security people. Phishing attacks can't be detected in the same way as viruses, so crowdsourcing is the best way to keep people safe. To do this, and learn more about phishing and spam, follow the simple instructions on the ITS website.