That's right, they don't have a pinning mechanism for site operators. They have something called Certificate Reputation[1] which works alongside SmartScreen and should theoretically be of use for attacks like this, but I haven't heard much about it and I don't know if it helped here.
