*Needs Updated - Compromised Accounts, Scrambled Passwords & STEAM-CIRTS
<ABOVE> new documentation in progress
<BELOW> existing documentation
A customer's password and BoilerKey PIN will become scrambled if the Security team has reason to believe that their career account has been compromised.
In order to minimize the impact, ITaP Security and Policy immediately scrambles a customer's career account password and BoilerKey PIN in an effort to protect them and Purdue from an unauthorized individual accessing information and systems that the customer is authorized to access.
This, unfortunately, will cause them to be unable to log in to any system which uses their Purdue career account - this includes both their BoilerKey and their Purdue career account password logins.
One symptom the customer might see if their account has been compromised is suspicious emails, or an increase in the amount of spam email that they receive, prior to noticing that their career account no longer allows them to log in to any system.
Users often call in stating they could access a Purdue system earlier in their work or class day, but it has locked them out for reasons unknown. Check FootPrints for a ticket history regarding a STEAM-CIRT before any further troubleshooting.
Specialists Working Dispatch
Apply the 'CSC.Steam Cirt' quick issue template to the FootPrints ticket.
Change the 'User ID' field on the Contact Information tab in the ticket to the user ID of the account that has been scrambled. It will be listed in the ticket title and customer note.
NOTE: The information fields in the ticket may need to be cleared with the 'Clear' button above the 'User ID' text field, as it will often have the information of members of the Security team listed in full, despite the username being that of the compromised account.
Clicking 'Clear' will remove all text in the User information tab.
Representatives Working Dispatched Tickets
Attempt to contact the customer first by phone, and then by email. Customer phone numbers can be found in FootPrints, the Directory, or found by a Supervisor/Specialist in Banner.
If leaving a voicemail message, ask the customer to call the CSC at (765) 494-4000 to restore access to their account. They will need to provide information to pass an ID verification.
NOTE: Be sure to reference the STEAM-CIRT ticket number when leaving a voicemail message.
If you are not able to reach the user by phone, or if there is no phone number, please mark the ticket "Resolved > Referred to" and use the following customer note to contact the customer:
Our security team has identified that your Purdue Career Account has been compromised by an outside entity. Access to your account has been scrambled to prevent further intrusion.
You will need to call in to regain access to your account. This will require ID verification, so we cannot do that over email. If you cannot call in by phone, arrangements will need to be made to schedule a WebEx meeting with one of our team members.
At your convenience, please call into the 24/7 ITaP Customer Support Center at (765) 494-4000. If we are experiencing a high number of calls at the time of your call, you may be put on hold; please stay on the line to speak with an associate to resolve the issue. Leaving a voicemail will not advance your issue towards resolution.
This ticket will be held in a resolved state until we receive your call.
Thank you,
<your first name here>
ITaP Customer Service Center
When the user calls in, upon researching the ticket number, the Representative or Specialist should first click the link to the Qualtrics survey at https://purdue.qualtrics.com/SE/?SID=SV_aWW1EAM5JujrKxD and read the questions aloud to the customer.
NOTE: This survey should also be linked in each STEAM-CIRT ticket's tech notes.
Make sure to gather the customer's user name and enter it into the survey when prompted.
NOTE: Once a Specialist or Representative has reestablished access to the user's account, they should check and verify their bank account information in SuccessFactors, forwards and rules in their email, etc. to confirm no changes were made to their personal information.
Spammers will usually set rules in email inboxes to forward emails to an outside address, or automatically delete incoming emails so that even though the user recovers control of their inbox, it may appear as though they are not receiving emails.
BoilerKey PIN resets can also be forgotten when assisting a user with a reset password. This can cause confusion and repeatedly reopened tickets for frustrated users. Ensure that both of these are completed prior to Resolving the ticket.
EXAMPLE: malicious mailbox rules
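The mailbox-rule review described above (rules that forward mail to an outside address, or that delete all incoming mail) can be written as a check. This is an added example, not part of the original documentation; the rule field names (`forward_to`, `redirect_to`, `delete`, `move_to_folder`, `conditions`), the internal-domain list and the sample rules are assumptions constructed for illustration.

```python
# Added example: rule fields and sample data are constructed, not from a real mail system.
INTERNAL_DOMAINS = ("purdue.edu",)      # assumption: domains treated as internal
DISCARD_FOLDERS = ("deleted items",)    # assumption: folder a rule could use to hide mail

def is_external(address):
    """True when the address's domain is neither an internal domain nor a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].strip().rstrip(">").lower()
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def audit_rule(rule):
    """Return the reasons a rule needs review; an empty list means nothing was flagged."""
    findings = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = sorted(a for a in targets if is_external(a))
    if external:
        findings.append("sends mail to an outside address: " + ", ".join(external))
    discards = rule.get("delete", False) or \
        (rule.get("move_to_folder") or "").lower() in DISCARD_FOLDERS
    # A discard rule with no conditions applies to every incoming message.
    if discards and not rule.get("conditions"):
        findings.append("deletes every incoming message")
    return findings

def audit_mailbox(rules):
    """Map rule name -> findings for each rule that was flagged."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rules: two benign, two matching the patterns described above.
SAMPLE_RULES = [
    {"name": "Class list", "conditions": {"from": "instructor@purdue.edu"},
     "move_to_folder": "Courses"},
    {"name": "Advisor copy", "conditions": {}, "forward_to": ["advisor@ecn.purdue.edu"]},
    {"name": ".", "conditions": {}, "forward_to": ["collector@mail.example"]},
    {"name": "..", "conditions": {}, "delete": True},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES).items():
        print(repr(name), "->", "; ".join(findings))
```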
Once the survey has been filled out, it should be noted as such in the STEAM-CIRT tech notes.
The Specialist or Representative should then follow normal career account password reset and BoilerKey PIN issuance procedures.
Mark the ticket as Resolved once the user has confirmed they can again access their accounts and that their information has not been compromised (mail rules, bank changes, etc.).