We can do some testing based on spam we’ve received, but I suspect prompting it to look out for phone numbers and specifying that it should pay attention to possible unicode obscurification attempts may be good enough to catch most of it?
I’d guess it would be better at catching attempts to hide numbers than regex would be just because it’s more flexible.