When I went to click on it, Malwarebytes told me that the site had a Trojan embedded within it, and promptly blocked me
As it only affects the other half's email, I will have to keep a careful eye on it.
I have recently found that very few scanners pick up email attacks these days. One that was obviously an attack was passed as ‘clean’ by malwarebytes, and online scans by kaspersky, Norton, among others. Simply extracting strings containing URLs from the attachment on the other hand, yielded well-documented phishing sites.
By all means use an AV, but never depend upon it. If an email is unsolicited and/or the slightest bit dodgy, it is almost certainly malicious, no matter what your AV may say.