scammers are using cyrillic letters to trick people into visiting look-alike domains, i.e., “citibank.com” vs “citibаnk.com”.
they are indistinguishable when rendered in UTF-8, but when you put them in your browser’s address bar, one will resolve predictably as “http://citibank.com/”, and the other will resolve as “http://xn--citibnk-6fg.com/”
perhaps a new tool in the anti-phishing arsenal might be to copy the URL in an email, and paste it into a text editor to check for unicode.