Certified Ethical Hacker (CEH v10) — Question 158
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
Answer options
- A. Clickjacking
- B. Cross-Site Scripting
- C. Cross-Site Request Forgery
- D. Web form input validation
Correct answer: C
Explanation
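The correct answer is C, Cross-Site Request Forgery. The user was still authenticated to the online banking site when they clicked the link in the malicious email, so the page that opened in the new browser session could make their browser send a request to the bank that carried their existing session. The result was an unwanted action on their bank account, the funds transfer. The other options, while related to web security, do not describe this scenario, in which the user is made to perform an action on a trusted site without their consent.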