All employees, students and retirees have a Ball State account they use to access Ball State’s information technology services and resources. This account is unique and is comprised of a username and password. Each account is assigned security privileges to access personal information and applications on campus. It is the responsibility of each individual to protect their password as stated in the Information Technology Users’ Privileges and Responsibilities.

If an account becomes compromised it is necessary to report the compromise and take necessary steps to prevent compromising any other resources. Having a compromised account means an unauthorized source has obtained the Ball State username and password. This can, and usually is accomplished by the account owner providing their username and password to a phishing scam.

It is important to fully understand the dangers of having a compromised account for the owner and the University. When an account is compromised by an owner providing their username and password either as a reply to an e-mail, or accessing a fraudulent Web page through a link, their account will begin sending thousands and thousands of spam messages to internal and external accounts.

When Information Technology Services detects a large volume of outbound spam coming from an account they disable the account and report it to the Helpdesk. It’s crucial to disable the account immediately so the hacker cannot fraudulently access any other campus resources the owner has access to. As a student it could be your Canvas, Gradebook and Student Financial Services account information. As an employee it could be one of many systems across campus, such as Canvas, Student Services, or Business Affairs.

If you are unable to access your Ball State account and you have provided your username and password either by replying to an e-mail or clicking on a link and providing them on a fraudulent Web page you should contact the Helpdesk for instructions on getting your account enabled.

Scammers are getting smarter and it’s the responsibility of each one of us to be aware of phishing attacks and not fall victim to one. The Security Awareness Web page provides valuable information on resources everyone can use to stay aware. The Ball State Reported Spam Web page provides actual examples of phishing spam being sent to students and employees.

There is NO university department or person on campus that is permitted to ask you for your username and password by phone, e-mail or any other means of communication. If you are still unsure of an e-mail may be legitimate contact the Helpdesk for assistance before taking any action.