Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 22 Next »

This script is intended for use in one of three scenarios,

  1. User has called in "I can't log in" or "My password doesn't work" or "My account got scrambled," etc  & you find a STEAM-CIRT on their account.
  2. User calls in "My account got hacked," or "My account is sending out spam, etc. If you can find a STEAM-CIRT for their account, proceed with that one. If not, create a new ticket and proceed
  3. You've received a ticket, have called out to contact the compromised user, and have reached them

NOTE: This is the STEAM-CIRT process that I use, it's what works best for me. I go this route to avoid syncing delays, or different steps that users have trouble with that can be speed bumps.  Maybe something different will work better for you? It's just a starting point.

STEAM-CIRT Call Script

Verify Identity via PPS

Complete the STEAM-CIRT Qualtrics Survey

  • On your own computer, open the Qualtrics STEAM CIRT survey
    NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
  • Complete the survey, by reading off the questions to the user, and recording their answers.

SPEC Set Temporary Password via Active Directory

NOTE: To save time, I do this in the background after PPS, while going through the Qualtrics survey with the user.

  • Specs can use AD to set a randomized temporary password
    NOTE: I go this route of tempPW then PW to avoid sync delays, and some speedbumps. Do what works best for you.
    NOTE:     You can instead use the AccountSetupReset tool to have them set a password here, but you may way up waiting up to half an hour for it to sync to O365.
  • Reps will need to use AccountSetupReset tool instead
    • Direct the user to purdue.edu/accountsetup
    • Have them fill in the first two blanks, PUID & Date of Birth
      NOTE: They must match the example formats on the right EXACTLY
    • Generate a new Career Account Setup Password via https://www.purdue.edu/apps/account/AccountSetupReset
    • Once their information is in, they should be able to proceed to the next page and set a new Career Account Password
      NOTE: They only need this first page of the AccountSetup, they do not need to complete it
    • Have them leave the AccountSetupReset tool, and continue below with the new password

Set Boilerkey PIN# via their Boilerkey Page

  • Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
  • Have them click on the "Manage" button in the middle to get to the CAS login page
  • Supply them with the Temporary Password from above, they'll need to log in with either:
    • PW,push
    • PW,6-digit-passcode
  • Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
    NOTE: They CAN use the same PIN as before, but it's usually advised to change them periodically.
  • Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.
  • Have them click on "Test your BoilerKey" next to the key icon.
  • Have them test to make sure their Boilerkey is working normally again.
    NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode
  • Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
    NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
  • Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
  • They'll need to confirm their cellphone number via text message.

2nd STEAM-CIRT: Mandatory Microsoft Multi-Factor Authentication (MS MFA)

NOTE: To be rolled out early Fall 2021

  • They'll need to confirm their cellphone number via text message.

Secure O365 Mailbox

NOTE: If you set a tempPW via AD, and 'stalled' a bit by demoing PIN#,CODE, and enabled SRT... USUALLY their tempPW has synced to O365 by now. Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

  • Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, portal.office.com
    NOTE: Do this on the O365 web portal, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.
  • Have them log in via their username@purdue.edu
    NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu
  • For their password, use the temporary password from above
  • Once into O365, have them navigate to outlook
  • Have them click the gear icon in the upper right corner, and then "View all Outlook settings"
  • Open the "Rules" tab on the left
    • Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
    • Have them remove any malicious rules
  • Open the "Sweep" tab on the left
    • Have them remove any sweep rules
  • Open the "Forwarding" tab on the left
    • If there's any forwarding rules set to addresses that they don't recognize, have them remove them
  • Tell them that they'll want to follow up after the call and review any sent, received or deleted emails to see if there's any issues that need to be addressed.
  • Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

Set Password via apps/account

NOTE: If you set a tempPW via AD, they'll need to go back and set a new Career Account Password now.

  • Direct the user to the apps/account page, purdue.edu/apps/account
    NOTE: Since they're already logged in with Boilerkey, they can set their password via their Boilerkey credentials
    NOTE: If they still have the Boilerkey tab open from above, they can just click on the "User Account Information" link at the top of that page.
  • In the lower right panel, click the "Reset Password" link near the bottom right.
  • Have them set a new password, make sure they get the confirmation message, and then they're done.

Resolution

  • End your call and resolve the ticket.












  • No labels