Account takeover occurs when a criminal poses as the customer and gains control of an account and then makes unauthorized transactions. Which statement best describes this?

Account takeover is when an attacker impersonates the customer, gains control of the account, and then uses it to perform unauthorized transactions. The best description is the one that explicitly states the criminal poses as the customer, gains control of the account, and makes unauthorized transactions. The other scenarios don’t capture takeover: a forgotten password describes a lockout rather than someone taking over the account; a payment that the system marks as normal suggests legitimacy, not a compromised account; and a user changing a password using single-factor authentication could be legitimate or insufficient security, but it doesn’t describe an attacker taking control and executing unauthorized transfers. In real-world scenarios, defenses include stronger authentication (like multi-factor), monitoring for unusual activity, and customer alerts to detect and prevent takeover.