The signed list and the captcha check.
Osiris does the phishing basics correctly, and two checks confirm a genuine node.
The onion is embedded in the login captcha image and reprinted in the page header. Compare either against your bar before your password. A clone cannot serve the correct address in both places while pointing you at the wrong one.
Osiris signs its mirror list with the market PGP key, published on Dread. Check the list if a node behaves strangely. If the address you typed is not on the signed list, do not type your password.