The internet pioneer already has a number of anti-phishing measures, such as machine learning-based detection, Safe Browsing, email attachment scanning and extra security measures for suspicious-looking logins.

Google stresses that the May 3rd attack didn't do much damage. Fewer than 0.1 percent of its users were affected, it says. That's somewhat comforting, but it was still hard to escape the phishing campaign for the brief hour it ran rampant. Even that small a portion of Google's user base still represents many, many people. The stepped-up anti-phishing efforts might be necessary to prevent another large-scale mess.