title: Passwords, passphrases, and secure storage of credentials
5
5
description: Passwords, passphrases, and secure storage of credentials
6
-
ms.date: 04/26/2023
6
+
ms.date: 05/29/2025
7
7
author: rmcmurray
8
8
ms.author: robmcm
9
9
ms.topic: unit
@@ -22,13 +22,13 @@ quiz:
22
22
explanation: "This password is too simple and can be easily guessed or cracked."
23
23
- content: "The word *password* with special characters and numbers mixed in."
24
24
isCorrect: false
25
-
explanation: "This is a common password variation that should never be used for any account."
25
+
explanation: "This password is a common variation that should never be used for any account."
26
26
- content: "A five-word passphrase with some numbers mixed in."
27
27
isCorrect: true
28
28
explanation: "Great! Having five different, unrelated words in a passphrase provides enough complexity to keep it from being guessed or cracked."
29
29
- content: "Your birthday in numbers followed by your name."
30
30
isCorrect: false
31
-
explanation: "You should avoid creating a password that contains information that can be guessed, is associated with a social media account, or might already be available in other leaked account data."
31
+
explanation: "You should avoid creating a password that contains information that can be guessed. You should also avoid a password associated with a social media account, or one that might already be available in other leaked account data."
32
32
33
33
- content: "What is the most secure approach to create a password when you're creating a new account?"
34
34
choices:
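Review bot: The rewritten explanation for the birthday-and-name choice (new line 31) changes the meaning. The old text warned against passwords containing information that is associated with a social media account. The new second sentence says to avoid "a password associated with a social media account", which reads as advice about which account the password belongs to rather than about the personal details inside it. Keep the two-sentence split but restate the subject, for example: "Also avoid information that appears on your social media accounts or that might already be available in other leaked account data."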
@@ -37,10 +37,10 @@ quiz:
37
37
explanation: "Though better than using the same password, simple passwords are easy to guess and can be easily cracked."
38
38
- content: "Create a unique, long, complicated password or passphrase."
39
39
isCorrect: true
40
-
explanation: "Good job. The more complex your password is, the harder it will be for hackers to crack it."
41
-
- content: "Reuse your favorite password, as long as you know it has not been exposed in a breach."
40
+
explanation: "Good job. The more complex your password is, the harder it is for hackers to crack it."
41
+
- content: "Reuse your favorite password, as long as you're sure it wasn't exposed in a breach."
42
42
isCorrect: false
43
-
explanation: "Never reuse any of your passwords, because one or more of them have already been stolen in a breach."
43
+
explanation: "Never reuse any of your passwords, because chances are that one or more of them is already stolen in a breach."
44
44
- content: "Use *correct horse battery staple*."
45
45
isCorrect: false
46
46
explanation: "Don't use any examples you read about. Always come up with your own, and make them as random as possible."
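Review bot: In the new explanation on line 43, "chances are that one or more of them is already stolen in a breach" mixes tenses. "was already stolen" or "has already been stolen" reads correctly and matches the past-tense "wasn't exposed in a breach" used for the choice on line 41.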
title: Improve account security with multifactor authentication
5
5
description: Understand the basics of multifactor authentication, and how to use it for securing your identity.
6
-
ms.date: 04/26/2023
6
+
ms.date: 05/29/2025
7
7
author: rmcmurray
8
8
ms.author: robmcm
9
9
ms.topic: unit
@@ -22,23 +22,23 @@ quiz:
22
22
explanation: "As implied by *multifactor*, more than one factor is required."
23
23
- content: "Two"
24
24
isCorrect: True
25
-
explanation: "Yes, this is the minimum number of factors required for supporting multifactor authentication."
25
+
explanation: "Yes, two is the minimum number of factors required for supporting multifactor authentication."
26
26
- content: "Three"
27
27
isCorrect: false
28
-
explanation: "Though this makes accessing your account more secure, the minimum number of factors needed for multifactor authentication is two."
28
+
explanation: "Using three factors makes accessing your account more secure, but the minimum number of factors needed for multifactor authentication is two."
29
29
- content: "Zero"
30
30
isCorrect: false
31
31
explanation: "At least two factors are needed for multifactor authentication. Zero factors means you don't have a password."
32
32
33
33
- content: "When should you use multifactor authentication?"
34
34
choices:
35
-
- content: "Only for securing financial accounts"
35
+
- content: "Only for securing financial accounts."
36
36
isCorrect: false
37
-
explanation: "You should not restrict use of multifactor authentication to just one type of account."
38
-
- content: "Only for securing access to a password manager"
37
+
explanation: "You shouldn't restrict use of multifactor authentication to just one type of account."
38
+
- content: "Only for securing access to a password manager."
39
39
isCorrect: false
40
-
explanation: "Though this is probably the most important thing to secure by using multifactor authentication, you should consider even more options."
41
-
- content: "For all your accounts, and wherever you can use multifactor authentication"
40
+
explanation: "A password manager is probably the most important thing to secure by using multifactor authentication, but you should consider even more options."
41
+
- content: "For all your accounts, and wherever you can use multifactor authentication."
42
42
isCorrect: true
43
43
explanation: "The best option is to use multifactor authentication wherever it's available."
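Review bot: Line 24 still reads "isCorrect: True" with a capital T, while every other choice in this hunk uses lowercase "true" or "false". The adjacent explanation on line 25 is being edited anyway, so normalize it to "isCorrect: true" in the same change to keep the quiz YAML consistent.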
learn-pr/security/securing-you-basics-beyond/includes/1-introduction.md
Lines changed: 2 additions & 2 deletions
@@ -7,9 +7,9 @@ Think about the internet as a neighborhood where you do common tasks such as ema
7
7
- Automated downloads that install ransomware to keep you from using your computer until you pay (or until you restore from a backup).
8
8
- Government-backed hackers who might be on a mission to steal intellectual property or destabilize governments.
9
9
10
-
Most of your online activity probably doesn't directly expose you to crime. But the odds are good that you know someone who was a victim of some kind of computer-related crime, like computer viruses, malware, identity theft, or data breaches. If it hasn't happened to you and if you don't protect yourself, it's just a matter of time before you're directly affected. What can you do to keep yourself safe, without having to be a cybersecurity expert?
10
+
Most of your online activity probably doesn't directly expose you to crime. But the odds are good that you know someone who was a victim of some kind of computer-related crime, like computer viruses, malware, identity theft, or data breaches. If you don't protect yourself, it's just a matter of time before you're directly affected. What can you do to keep yourself safe, without having to be a cybersecurity expert?
11
11
12
-
Keeping your passwords, account information, and other sensitive data secure might be easier than you think. We show you techniques and tools that you can use to protect yourself from the most common threats.
12
+
You might find that keeping your passwords, account information, and other sensitive data secure is easier than you think. We show you techniques and tools that you can use to protect yourself from the most common threats.
learn-pr/security/securing-you-basics-beyond/includes/2-phishing.md
Lines changed: 7 additions & 7 deletions
@@ -1,6 +1,6 @@
1
1
Imagine you're looking through your email and you see what looks like an alert from one of your social media accounts. Everything looks official. It asks you to sign in to your account and verify that your contact information is correct. You click the link in the email and sign in to what looks like your account.
2
2
3
-
Unfortunately, in that moment, an attacker has successfully stolen your account sign-in information.
3
+
Unfortunately, in that moment, an attacker successfully steals your account sign-in information.
4
4
5
5
This email-based *social engineering* technique is called *phishing*. Attackers use this technique often, sending [over a billion phishing emails every year.](https://www.microsoft.com/security/blog/2018/10/17/how-office-365-learned-to-reel-in-phish/?azure-portal=true)
6
6
@@ -14,21 +14,21 @@ Phishing email is written to convince you to do one of two things:
14
14
- Open an attachment that runs a dangerous program.
15
15
16
16
> [!NOTE]
17
-
> In this training, the term *click a link* is used to represent clicking a link with a mouse, tapping a link on a phone, or using any other type of assistive or other device to activate a link.
17
+
> In this training, the term *click a link* is used to represent clicking a link with a mouse, tapping a link on a phone, or activating a link on any other type of device.
18
18
19
19
One of the most common phishing goals is to collect your personal information, such as your username and password. If the attacker is successful, they'll use your stolen information to access your account and any other accounts where you use that same username and password.
20
20
21
21
Another common phishing goal is to deliver malicious software, called *malware*. Opening one of these dangerous attachments can result in running a program that harms your computer. Such a program might even lock you out of your computer unless you pay a ransom. This malware is known as *ransomware*.
22
22
23
-
Phishing is one of the most common threats on the internet. In 2019 alone, the [FBI's Internet Crime Complaint Center (IC3) reported more than 450,000 complaints and more than $3.5 billion in losses to individuals and businesses](https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120?azure-portal=true). This data represents only a small number of the actual cases. In other words, phishing is a popular and successful way for a criminal to steal your data.
23
+
Phishing is one of the most common threats on the internet. In 2019 alone, the [FBI's Internet Crime Complaint Center (IC3) reported more than 450,000 complaints and more than $3.5 billion in losses to individuals and businesses](https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120?azure-portal=true). This data represents only a few of the actual cases. In other words, phishing is a popular and successful way for a criminal to steal your data.
24
24
25
25
:::image type="content" source="../media/2-phishing-stats.png" alt-text="Diagram that shows phishing statistics: 92.4% of malware is delivered via email, 30% of received phishing messages are opened, and 12% of those users click the malicious link or open the attachment.":::
26
26
27
27
## Why does phishing work so often?
28
28
29
29
Phishing is designed to be believable. Attackers have been using the same approach since the first phishing emails were sent in the 1990s. They often try to take advantage of your good nature, your desire to help, or your desire to solve a problem.
30
30
31
-
Attackers know what emotions get people to respond. For example, they might send an email to get you to click a link by telling you something needs to happen urgently. One common example is an email that says your account has been closed. Although this might seem like something serious at first, remember that most businesses won't send you an email that says they've closed your account with no warning.
31
+
Attackers know what emotions get people to respond. For example, they might send an email to get you to click a link by telling you something needs to happen urgently. One common example is an email that says your account has been closed. Although this message might seem like something serious at first, remember that most businesses won't send you an email that says they've closed your account with no warning.
32
32
33
33
Another common approach is to offer something too good to be true. Attackers will tell you that you've won an award or that they need you to manage their large sums of money.
34
34
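Review bot: On new line 23, "This data represents only a few of the actual cases" weakens the sentence. "A few" sits oddly next to "more than 450,000 complaints", and the point being made is that reported complaints are a small share of what actually happens. Suggest "only a small fraction of the actual cases". Also, the rewritten note on line 17 drops the explicit mention of assistive devices; if that wording was there for accessibility, keep it.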
@@ -45,16 +45,16 @@ First, recognize phishing! The following video has some guidance on what to look
45
45
Here are some common features of phishing attacks:
46
46
47
47
-**Attachments**: If your email has an attachment that you don't expect, it might be phishing, and that attachment might be dangerous.
48
-
-**Unusual hyperlinks**: Be aware of any links in emails. If you hover over a link and the destination looks odd, it might be a dangerous website. A website might look just like a legitimate one, but be designed to capture your login information or run malware.
48
+
-**Unusual hyperlinks**: Be aware of any links in emails. If you hover over a link and the destination looks odd, it might be a dangerous website. A website might look just like a legitimate one, but be designed to capture your sign-in information or run malware.
49
49
-**Urgency**: If a message says you need to do something *right now*, it might be a phishing email. Remember, your bank usually doesn't reach out to you with no warning by using an email subject about canceling your accounts.
50
50
-**Bad spelling or grammar**: Phishing emails are often full of unusual writing, spelling errors, and grammar errors. If the email looks suspicious, you should avoid interacting with it.
51
51
-**Fake sender**: If the email address looks unusual or is someone you don't recognize, you should treat it as a phishing email.
52
52
53
53
The following example email has all of these features.
54
54
55
-
:::image type="content" source="../media/2-phishing-email.svg" alt-text="Sample email that shows common signs of phishing, including fake email addresses, unexpected attachments, urgent messaging, bad links, and poor grammar.":::
55
+
:::image type="content" source="../media/2-phishing-email.svg" alt-text="Sample email that shows common signs of phishing. Including, fake email addresses, unexpected attachments, urgent messaging, bad links, and poor grammar.":::
56
56
57
-
Now that you can recognize phishing email and you know not to click any links or open any attachments, let's talk about what else you can do. Your email application or website probably has the *report phishing* feature. Using this feature will notify the email provider and help prevent similar email in the future. Of course, you can delete phishing email too.
57
+
Now that you can recognize phishing email and you know not to click any links or open any attachments, let's talk about what else you can do. Your email application or website probably has the *report phishing* feature. Using this feature will notify the email provider and help prevent similar email in the future. Or, you can delete phishing email yourself.
58
58
59
59
If you aren't sure about an email from a friend or family member, you still don't need to click any links or open any attachments. You can give them a call or send a text message and ask if they sent you anything.
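Review bot: The new alt-text on line 55 splits one sentence into a fragment: "Including, fake email addresses, ..." is not a sentence, and the comma after "Including" is wrong. Keep the period but make the second part a full sentence, for example "The signs include fake email addresses, unexpected attachments, urgent messaging, bad links, and poor grammar." On line 57, "Or, you can delete phishing email yourself" now presents deleting as an alternative to reporting, where the old "you can delete phishing email too" presented it as an addition; confirm that change in meaning is intended.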