Copy paste, and triple check the first and last 4 characters.

Not good enough, scammers will make copycat look-alike addresses that have the same first ~7 and last ~7 characters.

What does this mean in practice though? If you need to be certain, make sure you copy the right address.

What about something like VisualHostKey but for the bitcoin address?

I doubt that would help much. People should clear their clipboard, and copy & paste, then double check the whole thing, or at least the first and last few characters.

Bad advice scammers/malware have huge tables of addresses they've generated that agree in the first N and last N characters. If a user is going to compare a subset they should make an effort to make it be an unpredictable subset.

Bad actors can easily pregenerate adresses that mach those ahead of time.