Who can I contact about this?
Can you privately send me a link to this java malware for me to analyze?
Once you are done analyzing, would you mind posting your findings here?
It depends on if OP has not deleted this phishing email(which I presume he has) and whether the bytecode class files in the .jar are obfuscated.