Persistent pop-up reminders such as “Complete your purchase,” or notifications warning that “Items in your cart are selling fast” are examples of dark patterns—also known as deceptive design practices—that are used by websites and apps to manipulate behavior and influence purchasing decisions in ways that can put personal and company data at risk.
Dark patterns come in many forms and can be found in a variety of industries, including e-commerce, subscription services, advertising, and even gaming apps. These deceptive design techniques can potentially introduce security and privacy risks. Especially during the busy holiday shopping season, it’s important to help employees stay aware of how these dark patterns can impact them and the organization.
Common Types of Dark Patterns
These common types of dark patterns are employed by designers and developers to deceive users:
- Confirmshaming: Apps and websites often use emotional triggers like guilt or shame to influence decision-making. This tactic, known as “confirmshaming,” relies on belittling language in buttons to pressure shoppers into agreeing to something they may not want. For example, instead of a simple “No,” the decline option might read, “No thanks, I hate saving money,” an attempt to make the consumer feel uncomfortable about opting out.
- Disguised advertisements: These ads are deliberately designed to look like regular content or product recommendations. They mimic the visual style and layout of a product’s website, including interface buttons designed to blend seamlessly, making it difficult for people to realize they are viewing an ad and not the website. The goal is to deceive the consumer into clicking links that may be malicious or into making purchases, possibly with fraudulent vendors.
- Fake urgency: Websites and apps often use countdown timers or misleading scarcity messages to pressure shoppers into buying quickly. This time pressure can increase anxiety and reduce the ability to critically evaluate information.
- Hidden costs: Shoppers are often drawn in at a low advertised price, only to discover unexpected fees and charges added at checkout. The true cost is only displayed at the very end—after the consumer has spent time entering personal details such as their name, email, phone number, and address. Research shows that many consumers proceed with the purchase at this point because they’ve already invested time and effort and fear they won’t find a better price elsewhere.
- Preselection: This design pattern displays a default option that is already chosen for the shopper, subtly influencing decision-making. For example, travel booking sites often preselect travel insurance, automatically adding it to the total unless the shopper actively opts out.
Helping Employees Avoid Dark Patterns
- Emphasize the importance of reviewing costs. All total costs should be checked prior to checkout, before any personal or financial information is submitted.
- Promote the use of familiar, trusted sites and apps for all purchases. Lesser-known or unverified sites often use deceptive design tactics aggressively, increasing the risk of phishing, fraud, and even malware infections. By sticking to trusted retailers, exposure to these manipulative practices is reduced and both personal information and the organization’s security remain protected. Before purchasing from a new shopping site or app, research it first: read user reviews of the site, its products, and its return and privacy policies.
- Warn against interacting with ads. “Sponsored” or “ad” links could be scams, offering little or no recourse if there is an issue later. Encourage employees to purchase items directly from the official site.
- Reinforce corporate security boundaries. Employees should refrain from using work email or credentials for personal shopping. If work credentials or devices are exposed during holiday shopping, attackers can exploit them to access corporate systems and client and corporate confidential data.
While dark patterns can be used for relatively benign purposes, they can also be used to spread malware and carry out other malicious activities. Awareness of dark patterns and how they work is crucial to protecting company and personal data. By educating employees on how to spot and avoid these manipulative practices, everyone’s shopping data remains safe and secure.