Brian Krebs writes on how browsers choose to display IDN. The issue here is of course spoofing valid URLs with visually similar letters. You probably would notice the lame attempt in the department line but some of the international characters are very similar or indeed identical. Depending on your personal preferences it might be a good idea to use punycode instead. Could save you a headache later.
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/
Here are some of the applicable RFCs:
(Score: 2) by requerdanos on Sunday March 11 2018, @03:35PM
Let's imagine a site in the Russian-language world called привет.com (привет ~= "privyet" ~= "hi"). (This exists, with only a parking page at http://привет.com/.) [пÑивеÑ.com]
If we replace the Cyrillic "в" with the latin "B", or worse, replace the Cyrillic "е" and "р" with latin "e" and "p", we get lots of variants that look identical, or almost identical, to our hypothetical original.
So perhaps it's not the sophisticated world directing "fool you with similar" attacks at the "I Expect ASCIIs" but the "criminal element" directing "fool with similar" attacks at all-and-sundry.
Changing color based on which Unicode page a character is from would admittedly reveal this just as well, But Ivan Pa-Russki and many others would have to put up with their address bar being an ugly error-red indicating "normal" and friendly ordinary black meaning "someone is trying to fool you."
Punycode probably isn't a universal answer--the friendly "привет.com" becomes "xn--b1agh1afp.com" in punycode (Blag one a fop? Blog one a fip?). Which would be sort of like "google.com" always showing up as "qz--jkl2h298398j.com" for us ASCII folks. I.e. similar problem to the red-coding, but worse because instead of turning letters red, it renders them unreadable.