but sent from an indian investment firm (with valid SPF, DKIM and DMARC, so probably a vulnerable/misconfigured SMTP server on their end);
call-to-action links to the canadian "bikers against pedophiles"' (‽) staging website (a page under wp-includes, so probably leveraging a WordPress vulnerability)
that redirects to a page on the czech Pandora website
that mimics the UAE bank, asking for credit card details (phishing page has already been removed and I forgot taking a screenshot a few hours ago)
