Some good news Morgan -- I'd like to let you know that
MalwareBytes has already included that domain in to their phishing database. Other malware blockers may have also done the same.
Also, Giz and I have shared some dialog on your post this morning. Giz may post some of that here for you. They're mostly technical and half of it may not even directly apply to your current situation. I generally tend to share a few dozen ideas when a problem presents itself.
Attached is a screenshot from MalwareBytes