Ever been surprised by an action performed in your name without your knowledge? Receiving a payment confirmation for $400 from eBay because you once viewed a post for a pen drive sale on eBay. A Cross-Site Request Forgery (CSRF) attack can embarrass you in exactly this way. CSRF is an attack that forces a user to perform an action they are authorised to perform, without their intention.
This attack can occur when the user visits a malicious site constructed by the attacker, which loads and executes a malicious URI embedded in it, submitting the user's credentials to a site the user trusts. Such attempts can be prevented by referrer checking, where the trusted site checks whether the origin of the request is the same as that site (same-origin policy). Although Referer headers can be spoofed using the XMLHTTP object, this check adds a layer of protection.
CSRF attacks succeed against web applications that use implicit authentication, such as session cookies the browser sends automatically. To protect against such attacks, web applications should accept state-changing requests via POST only (although this alone does not completely resolve the problem), use request verification (such as CAPTCHA), and use request tokens. On the server side, a web application firewall (such as ModSecurity) should be deployed to counter CSRF attacks. Proper sanitisation of user input must be implemented in the web application. On the client side, browser add-ons such as CSRF Protector for Mozilla Firefox help users stay protected from these attacks.
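As an added example that is not part of the original post, here is how the two server-side defences described above (referrer/origin checking from the previous paragraph and per-session request tokens from this one) can be combined on a single state-changing endpoint in Python. The handler name, the session dictionary, the trusted origin and all sample values are constructed for illustration; the header names Origin and Referer are the standard HTTP headers.

```python
"""Added example (not from the original post): a minimal CSRF defence that
combines Referer/Origin checking with per-session request tokens (the
synchronizer token pattern) on a simulated state-changing POST request.
The endpoint, session object and sample values are constructed."""
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://shop.example"  # constructed: the site that owns the session


def issue_token(session: dict) -> str:
    """Generate a random per-session token and store it server-side.

    The site embeds this token in its own forms as a hidden field; an
    attacker's page cannot read it because of the same-origin policy."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def source_matches_trusted_origin(headers: dict) -> bool:
    """Referer/Origin check: the request must come from the trusted site.

    Browsers send Origin on cross-site POSTs; fall back to Referer when it is
    absent. A request with neither header is treated as untrusted (fail closed).
    This is a defence-in-depth layer; the token check below is the primary one."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    trusted = urlsplit(TRUSTED_ORIGIN)
    return (parts.scheme, parts.netloc) == (trusted.scheme, trusted.netloc)


def token_is_valid(session: dict, form: dict) -> bool:
    """Synchronizer token check using a constant-time comparison."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def handle_payment(method: str, headers: dict, session: dict, form: dict) -> str:
    """Simulated state-changing endpoint. Returns a short status string."""
    if method != "POST":                       # GET must never change state
        return "405 method not allowed"
    if not source_matches_trusted_origin(headers):
        return "403 untrusted origin"
    if not token_is_valid(session, form):
        return "403 bad csrf token"
    return f"200 paid {form['amount']} to {form['payee']}"


if __name__ == "__main__":
    session = {"user": "alice"}               # constructed logged-in session
    token = issue_token(session)

    # Legitimate submission from the site's own checkout page.
    good_headers = {"Origin": TRUSTED_ORIGIN}
    print(handle_payment("POST", good_headers, session,
                         {"csrf_token": token, "amount": "400", "payee": "pen-drive-seller"}))

    # Forged submission arriving from another site: wrong origin and no token.
    other_headers = {"Referer": "https://other.example/page"}
    print(handle_payment("POST", other_headers, session,
                         {"amount": "400", "payee": "someone-else"}))
```

The order of the checks matters: the method and origin checks are cheap and reject most forged requests early, while the token check is what actually stops a request whose Referer has been made to look legitimate, which is why the article treats referrer checking as only one layer.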