Three layers, in order of how much they help: the login captcha, the page banner, and the operator’s signed announcements on Dread.
Fingerprint-embedded captcha
The login captcha image carries the canonical v3 onion fingerprint rendered into the image itself, in a font that survives moderate compression and is legible to a human. A phishing front-end that proxies the operator’s captcha will show the operator’s fingerprint, which will not match the clone’s address bar; a phishing front-end that generates its own captcha image will not be able to embed a matching fingerprint without holding the corresponding private key.
Page banner
The canonical onion is reprinted in the page header on every render. Compare it letter-for-letter against the address bar before logging in. The full string is 56 characters; do not stop at the first eight.
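The letter-for-letter comparison can also be done mechanically against an address pinned from a verified source. The sketch below is an added example, not part of the original page or any operator's tooling; it uses the v3 address layout from the Tor rendezvous specification (32-byte key, 2-byte checksum, version byte), and the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac

VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # Tor rend-spec-v3: SHA3-256(".onion checksum" | pubkey | version), first 2 bytes
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """56-character label for a 32-byte key (used here only to build samples)."""
    return base64.b32encode(pubkey + _checksum(pubkey) + VERSION).decode().lower()

def normalize(addr: str) -> str:
    """Reduce a URL or hostname to the bare onion label."""
    host = addr.strip().lower().split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host.removesuffix(".onion").rsplit(".", 1)[-1]

def is_well_formed_v3(addr: str) -> bool:
    """True if the label is 56 characters with a valid checksum and version."""
    label = normalize(addr)
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and hmac.compare_digest(checksum, _checksum(pubkey))

def check_against_pinned(seen: str, pinned: str) -> tuple[bool, int]:
    """Return (full match, number of leading characters that agree)."""
    s, p = normalize(seen), normalize(pinned)
    if not is_well_formed_v3(p):
        raise ValueError("pinned address is not a valid v3 onion")
    shared = next((i for i, (a, b) in enumerate(zip(s, p)) if a != b), min(len(s), len(p)))
    return is_well_formed_v3(s) and s == p, shared

# Constructed sample keys, not real services. The second shares its first
# five bytes with the first, so the two addresses agree on exactly 8 characters.
PINNED = encode_v3(bytes(range(32)))
LOOKALIKE = encode_v3(bytes(range(5)) + b"\xff" * 27)

if __name__ == "__main__":
    print(check_against_pinned(f"http://{PINNED}.onion/login", PINNED))
    print(check_against_pinned(LOOKALIKE, PINNED))
```

The second sample passes the checksum test and matches the pinned address on its first eight characters, which is why only the full 56-character comparison is meaningful.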
Signed mirror announcements
When the endpoint rotation changes, the operator posts a detached-PGP-signed announcement on their Dread account. Import the operator’s public key once, then verify every later announcement’s signature against it. See how to verify a Tor market onion address for the verification workflow.