CSRF attacks can be used, for example, to change firewall settings, send unauthorized data or perform fraudulent transactions. Vulnerable users are unaware of the attacks in question. If they are aware of the attacks at all, it is only after the damage has already been done.
CSRF attacks are carried out by the attacker spying on the user's identity and hacking the web server with the user's identity. Such an attack can also be carried out via an HTTP request that the user answers with his sensitive data.