Is there a good way (right now) to defend against this? I'm willing to live with a browser that only accepts ASCII in the address bar, and disables Unicode in email (replaced with �?)
No browser or browser extension that I know of, but it may exist.
I always circumvent it by just never clicking links sent to me (mail, sms, WhatsApp, etc). If I get a mail from, for example, Netflix that says there is a problem with my billing or whatever. I open a browser myself, go to Netflix’s site and login. If there really is a billing issue then I can see it after logging in. The links are actually never needed if you think about it.
Other than that use MFA (multi factor) everywhere you can. It doesn’t defeat phishing attack completely, but it is good protection. (Hackers can buy tools that provides them with a UI to build and execute phishing campaigns, even ones that include handling MFA)
Is there a good way (right now) to defend against this? I'm willing to live with a browser that only accepts ASCII in the address bar, and disables Unicode in email (replaced with �?)