This seems ripe for phishing, similar to @аррӏе.com (which isn't @apple.com -- go ahead and check) and someone actually did this once. [0] There are lots of emojis that are hard to tell apart from each other.

[0] https://www.xudongz.com/blog/2017/idn-phishing/