Once the email is verified, every time the associated account tries to log in, the account holder will be sent an email requesting permission. Account holders can deny the logon, allow it for a single instance, or remember the location in question and always log on from there. It's not ironclad, but it should help players affected by these phishing attempts ensure that they'll be safe.
[Thanks to Ring Bonefield for the tip!]
[Update: ArenaNet has once again taken to Reddit to post updates as to the status of outstanding bugs and issues and bans in the game. The studio has also temporarily halted sales of the game through the ArenaNet website.]