A phishing clone copies the Awazon look to harvest your password or seed a deposit to an attacker address. The tells are worth knowing, but one check beats all of them.
The tells
An address that is close but not identical to a verified one, differing by a few characters in the middle. A login that asks you to re-enter your recovery phrase, which the real market never does. A captcha whose printed address does not match your bar. Formatting that is subtly off from the site you remember.
The check that beats them
Copy addresses only from a verified signed source, and hold the address in your bar against the one the captcha prints, every session. A clone cannot easily serve the correct address in the captcha while sending you to the wrong one, so the mismatch gives it away.
If you already entered a password
Assume it is compromised. Reach the genuine market through a verified address, change the password, and withdraw any balance.