Any idea how to verify the LoG? Depositing without verifying is what makes many people send their funds to a phishing site, and that's all the more reason why verifying the LoG should be as easy as possible.
Sorry, nope. However, since the LoG contains the public key too (which my guess would be that it would be used to verify the signature), it probably can be spoofed fully by a phishing site.
One proper way could be to publish on the website, but also on Bitcointalk and other reputable areas (eg github) the asc file with the key to verify the signatures.