Here's an example of bad-guys using CSRF attacks try and extort money from domain name holders. Interestingly it's the first example of practical use of this kind of attack I've seen.
Although the vulnerability in GMail that seems to have been exploited is now fixed, I bet this won't be the last time we see this form of attack in use, and it does give an example of the kind of damage that a CSRF attack can cause...


Security Geek, Kubernetes, Docker, Ruby, Hillwalking