Phishing scam emails circulate campus, overwhelming students


Office of Information Technology warns not to open scam emails



The Central Michigan University Office of Information Technology sits on Jan. 10 in the Charles V. Park Library.

Many Central Michigan University students have been hacked after opening emails with bright blue buttons that read "click here to read message," and inevitably clicking them.

The emails appear to be sent by someone the student already knows, with a subject line they have already exchanged with that person.

"One of the interesting things is that because the subject line is always different, it was hard to identify, but if you saw enough samples of it, the button didn't always say the same thing and the timestamp was always rearranged in different ways so it was hard to even look for," said Kole Taylor, manager of communications and enablement for OIT. 

On Feb. 19, the Office of Information Technology sent out an email calling attention to the phishing scam and instructing students who responded to the emails or clicked on the link to change their password immediately.

"There's a very prolific scam email circulating campus," the email said. "This particular message contains a blue button asking you to click to read the message. This is a phishing message, and you should not click this button."

Some of the phishing emails were sent from spoofed addresses, but once the attackers got ahold of legitimate @cmich.edu Outlook accounts, those accounts were used to compromise more accounts.

"It was really very sophisticated, in that instead of just using that account to blast spam phishing messages all over the place, they had the software used for this sort of thing go through the inbox of those compromised accounts and send back to people using subject lines that they had used to communicate with those people, raising the level of how legitimate they looked," Taylor said.

Students who receive emails with a similar link should hover over the link to see if it leads to an untrustworthy location.

"There is something known as a skeptical hover that we will ask people to do, so if there is a link in an email, you hover over it and (a little pop-up) will tell you where that link goes," Taylor said. 

Taylor junior Rachel Trombetta received an email on Sunday evening from someone she had previously contacted, with a subject she had seen before. The email contained the infamous blue button, which she clicked because she thought it could be important due to the subject line.

While at work the next day, Trombetta received dozens of emails from people she didn't recognize, and after checking her sent box she saw even more. 

"My boss had me call IT and he had me reset my password and told within the day they would call me to see about deactivating me and then reactivating it," Trombetta said. "Today they had me reactivate my account, gave me a different really weird random word password no one could ever remember and then I went through and changed my password to something I haven't used."

After resetting her password and confirming her email settings, Trombetta received a response from a recipient of one of her emails. 

Around 2 p.m. on Monday, Bay City senior Sarah Anderson received an abundance of automatic emails that said her emails were not delivered and discovered her email address had sent out emails with the blue button to all of her contacts. She then realized that her email account had gotten hacked.

"Today I realized my WiFi wasn't working because I couldn't log in using my Global ID and password," Anderson said. "Eventually, I couldn't log into the computers in the clinic, I couldn't even use my key fob because everything is linked to that Global ID and password because I was shut out for security purposes through the tech center, which I realize is for my safety."

OIT was unaware that the student IDs and fobs were connected to the CentralLink accounts before the complaints from students.

Aurora, IL senior Emma Wiggins received a similar email; she clicked the link but then immediately exited the site.

After reading the email from OIT, Wiggins changed her password and then started having issues.

"I just reset my password and now it's letting me go on to BlackBoard, but I can't go onto my CentralLink," Wiggins said.

After OIT instructed students to change their passwords, the server handling the password resets went down because an unprecedented number of students were changing their passwords.

Taylor said the server going down was not directly related to the phishing and hacking, but just a secondary, tertiary effect.

OIT works on its own and with Microsoft to delete known malicious emails from students' mailboxes because they aren't in any way beneficial, only dangerous.

The phishing issue was more widespread, hitting other universities and not just CMU.

"Microsoft was already working on this because we started to see the signs of them having stemmed the flow of this and identifying it in ways that we couldn't," Taylor said. "It was far outside of CMU but that's the part we see because we are dealing with it here."

In its email, OIT linked to its website, which has tips to avoid phishing.

Students who don't have control of their accounts are urged to contact the Help Desk at 989-774-3662 or helpdesk@cmich.edu.

If you receive emails of this nature in the future, do not click the blue button.
