Google released an official statement regarding this latest phishing attack using gmail. In addition to enabling two-factor authentication for all your important accounts (or using a yubi-key like Kainos does) Chrome version 56 will also include the text "Not Secure" in the location bar on non-SSL websites where a page contains a password field or credit card input field.
From Google: “We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”