A customer's password and BoilerKey PIN will become scrambled if our security the Security team has reason to believe that their career account has been compromised.
In order to minimize the impact, ITaP Security and Policy immediately scrambles a customer's career account password and BoilerKey PIN in an effort to protect them and Purdue from an unauthorized individual accessing your information and systems that the customer is authorized to access.
This, unfortunately, will cause them to be unable to log in to any system which uses their Purdue career account - this includes both their BoilerKey and their Purdue career account password logins.
One symptom the customer might see if their account has been compromised is are suspicious emailemails, or an increase in the amount of spam email that they receive, prior to noticing that their career account no longer allows you them to log in to any system.
NOTE: Once you have reestablished access to your account, please check and verify bank account information in SuccessFactors, forwards and rules in your email, etc. to confirm no changes were made to your information.
To Work This Type of Ticket
...
Users often call in stating they could access a Purdue system earlier in their work or class day, but it has locked them out for reasons unknown. Check Footprints for a ticket history regarding a STEAM-CIRT before any further troubleshooting.
Specialists Working Dispatch
Apply the 'CSC.Steam Cirt' quick issue template to the FootPrints ticket.
Change the 'User ID' field on the Contact Information tab in the ticket to the user ID of the account that has been scrambled. It will be listed in the ticket title and customer note.
NOTE: The information fields in the ticket may need to be cleared with the 'Clear' button above the 'User ID' text field, as it will often have the information of members of the Security team listed in full, despite the username being that of the compromised account.
Clicking 'Clear' will remove all text in the User information tab.
Representatives Working Dispatched Tickets
Attempt to contact the customer first by phone, and then by email.
...
Customer phone numbers can be found in Footprints, the Directory, or found by a
...
Supervisor/
...
Specialist in Banner.
...
If leaving a voicemail message, ask the customer to call the CSC at (765) 494-4000 or come in person to the HSSE desk to verify their identity and have their password reset. They will need to provide information to identify themselves.
If you are unable to reach faculty at their directory number, they might not have a direct line. Try and contact the school's main office and see if you can leave them a message or get a cell phone number.
NOTE: Reference the Be sure to reference the STEAM-CIRT ticket number when leaving a voicemail message.
SCRIPT:
"Our Security Team has determined that your account may be compromised. They have scrambled your password in an attempt to minimize the impact that an unauthorized person has using your credentials to access your personal information as well as University systems you have access to.
We are attempting to determine possible causes of compromised Purdue career accounts. We would greatly appreciate if you could take a few minutes of your time to answer the following questions regarding this incident."
...
Assigned Ticket Script
| Panel | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Thank you for contacting the ITaP Customer Service Center. It appears that your account has been marked as compromised by our Security team and that they have scrambled your password and BoilerKey PIN to protect your personal information. There are two ways you can change your career account password, recover your PIN and regain access to your account; you can call us at (765) 494-4000, or you can visit us at our HSSE Help Center located in the Stewart Center. In compliance with FERPA, ITaP cannot provide career account password resets, BoilerKey PIN resets, or confirm personally identifying information through email communications. The owner of the requested account will need to call into the CSC personally (they will need to be either on or in physical proximity to the phone), and provide identifying information confirmed through our existing records in order to access sensitive account information and request alteration of such information. Thank you. -- < Representative's Name > ITaP Customer Service Center Self-Help Knowledgebase: http://www.purdue.edu/goldanswers (765) 494-4000 |
When the user calls in, upon researching the ticket number, the Representative or Specialist should first click the link to the Qualtrics survey at https://purdue.qualtrics.com/SE/?SID=SV_aWW1EAM5JujrKxD and read the questions aloud to the customer. Make
NOTE: This survey should also be linked in each STEAM-CIRT ticket's tech notes.
Make sure to gather the customer's user name and put that in enter it into the survey when prompted.
...
NOTE: Once a Specialist or Representative has reestablished access to the user's account, they should check and verify their bank account information in SuccessFactors, forwards and rules in
...
their email, etc. to confirm no changes were made to
...
their personal information.
Spammers will usually set rules in email inboxes to forward emails to an outside address, or automatically delete incoming emails so that even though the user recovers control of their inbox, it may appear as though they are not receiving emails.
BoilerKey PIN resets can also be forgotten when assisting a user with a reset password. This can cause confusion and repeatedly reopened tickets for frustrated users. Ensure that both of these are completed prior to Resolving the ticket.
Once the survey has been filled out, it should be noted as such in the STEAM-CIRT tech notes.
The Specialist or Representative should then follow normal career account password reset and BoilerKey PIN issuance procedures.
Mark the ticket as Resolved once the user has confirmed they can again access their accounts, and have not had their information compromised (mail rules, bank changes, etc).