there is no policy in SEP for phishing. When you mean phishing, the users are tempeted to visit certain sites which will take user credentials for monetray purpose, you can install norton safe lite , which checks whether the website is good to visit.