We can block URLs or entire domains in the new security and compliance center. Most phishing emails use unusual domains and I've been blocking the entire domain.
https://protection.office.com/tenantAllowBlockList?viewid=Url
Browse to the site above and sign in.
Under the URLs tab, click block.
Add the domain of the phishing link. (remove HTTPS:// and everything after the top level domain)
Click never expire and click add.
For example, in the URL below I added all of "eventscloud.com"