Dark Pattern Fines: $245M+ FTC Cases and How to Scan Your Site (2026)

$245 million. That is how much Epic Games paid to settle FTC charges over dark patterns in Fortnite. Amazon settled its Prime subscription dark patterns case for $2.5 billion in September 2025 -- the largest dark pattern enforcement action in history. ABCmouse paid $10 million for making it nearly impossible to cancel a children's learning subscription.

These are not outliers. They are the new normal. The Federal Trade Commission has made dark pattern enforcement a top priority, and the penalties are escalating with every case.

If your website uses any form of deceptive design -- even unintentionally -- your business is at risk. This guide covers what the FTC considers a dark pattern, the enforcement actions that have already happened, the rules that are now in effect, and exactly what you need to do to protect yourself.

What Are Dark Patterns?

Dark patterns are design choices that trick, manipulate, or pressure users into actions they did not intend to take. The term was coined by UX researcher Harry Brignull in 2010, but the concept is as old as commerce itself. What changed is that regulators now have the tools, the precedent, and the political will to punish them.

The FTC defines dark patterns broadly: any design practice that subverts or impairs user autonomy, decision-making, or choice. This includes visual tricks, confusing language, hidden information, and manipulative flows.

The critical point is that intent does not matter. If your website's design has the effect of deceiving users, the FTC can pursue enforcement regardless of whether you designed it that way on purpose.

The FTC's 2022 Enforcement Report

In September 2022, the FTC published a landmark report titled "Bringing Dark Patterns to Light." This report served as a public warning to every business operating online:

• It cataloged the types of dark patterns the FTC had observed
• It reviewed the legal authority the FTC has to pursue enforcement
• It explicitly stated that companies using dark patterns are "on notice"
• It signaled that enforcement actions would increase in frequency and severity

The report was not a new law. It was a declaration of intent. And the FTC has followed through.

Key Enforcement Actions

Epic Games / Fortnite -- $245 Million (2022)

The FTC charged Epic Games with using dark patterns that caused children to make unintended purchases. The design made it easy to accidentally buy items with real currency, and the cancellation/refund process was deliberately difficult. Epic paid $245 million in consumer refunds plus a $275 million privacy penalty.

Amazon Prime -- $2.5 Billion (2025)

Amazon settled with the FTC over its Prime subscription dark patterns -- a labyrinthine cancellation flow internally nicknamed "Iliad" (after Homer's epic). The FTC charged that Amazon enrolled users without clear consent and designed a multi-page, multi-step cancellation process to discourage users from completing it. The $2.5 billion settlement (September 2025) included $1 billion in penalties and $1.5 billion in consumer refunds.

ABCmouse / Age of Learning -- $10 Million (2020)

ABCmouse made it easy to sign up for a children's learning subscription but extremely difficult to cancel. Users reported being unable to find the cancellation option, being redirected through multiple pages, and having cancellation requests ignored. The FTC ordered $10 million in refunds and required the company to simplify its cancellation process.

Vonage -- $100 Million (2022)

Vonage charged customers early termination fees that were not clearly disclosed during sign-up and made cancellation available only by phone during limited hours. The FTC's order required $100 million in refunds to affected customers.

Fortnite (Additional) -- Publishers Clearing House, Credit Karma, and Others

The FTC has also pursued enforcement against companies for deceptive "free trial" offers that automatically convert to paid subscriptions, misleading subscription pricing, and manipulative opt-out flows. The pattern is consistent: if your design makes it hard for users to understand what they are agreeing to or hard to stop paying, the FTC is interested.

The 10 Dark Pattern Categories the FTC Targets

Based on enforcement actions and the FTC's published guidance, these are the categories of dark patterns most likely to trigger regulatory action:

1. Pre-Checked Subscriptions

Adding items, services, or subscriptions to a user's cart or account by default, requiring them to opt out rather than opt in. This includes pre-checked checkboxes for newsletter sign-ups, add-on services, or premium features during checkout.

2. Hidden Cancellation Flows

Making it easy to subscribe but difficult to cancel. Common tactics include burying the cancellation option deep in account settings, requiring a phone call to cancel, or presenting multiple "are you sure?" screens designed to exhaust the user into giving up.

3. Confirm-Shaming

Using emotionally manipulative language to guilt users into a desired action. Examples: "No thanks, I don't want to save money" or "I'll pass on protecting my family." The language is designed to make the user feel foolish or irresponsible for declining.

4. Hidden Fees

Revealing additional charges (service fees, processing fees, "convenience" fees) only at the final stage of checkout, after the user has invested time and effort in the purchase flow. The initial price appears lower than the actual total.

5. Deceptive Button Contrast

Designing the "accept" or "upgrade" button to be visually prominent (large, colorful, high contrast) while making the "decline" or "skip" option small, gray, or styled as plain text. The visual hierarchy steers users toward the option that benefits the company.

6. Fake Urgency

Displaying countdown timers, "only 3 left!" warnings, or "offer expires soon" messages that are false or misleading. If the timer resets when the user returns, if the "limited" stock never actually runs out, or if the offer is always available, it is a deceptive practice.

7. Roach Motel

Easy to enter, hard to leave. This applies to subscriptions, accounts, and services where signing up takes one click but canceling requires multiple steps, phone calls, or waiting periods. The FTC's Click-to-Cancel Rule directly targets this pattern.

8. Forced Continuity

Automatically renewing a subscription or charging a user's payment method after a free trial ends without providing clear, timely notice. Users must be informed before the charge occurs and given a simple way to cancel.

9. Trick Questions

Using confusing language, double negatives, or counterintuitive phrasing to cause users to make choices they did not intend. For example: "Uncheck this box if you would prefer not to receive emails" -- a double negative that confuses the user about what checking or unchecking actually does.

10. Visual Misdirection

Drawing the user's attention away from important information (such as recurring charges, data sharing disclosures, or terms changes) by using small text, low contrast, or placement outside the user's expected focal area.

The FTC Click-to-Cancel Rule (2024)

In October 2024, the FTC finalized its Click-to-Cancel Rule. The rule went into partial effect in early 2025, but was vacated by the Eighth Circuit Court of Appeals in July 2025. While the federal rule's future is uncertain, its principles remain enforceable through state laws (notably California's Automatic Renewal Law) and the FTC's broader Section 5 authority. Key requirements the rule established:

• Cancellation must be as easy as sign-up. If a user can subscribe online, they must be able to cancel online. No phone calls, no chat-only cancellation, no mailed letters.
• Clear disclosure before charging. Before enrolling a user in any recurring charge, you must clearly disclose the terms -- including the amount, frequency, and how to cancel.
• Consent must be affirmative. Pre-checked boxes and bundled consent (e.g., agreeing to terms and subscribing to a service in one click) do not count as valid consent.
• Confirmation before cancellation saves. You can offer a retention offer, but only once, and the user must be able to decline and complete cancellation immediately.

The FTC's general penalty authority allows fines of up to $53,088 per violation (2025 figure, adjusted annually for inflation) for deceptive practices under Section 5.

State Attorney General Enforcement

The FTC is not the only enforcer. State Attorneys General have independent authority to pursue dark pattern cases:

California

California's Automatic Renewal Law (ARL) requires clear disclosure of subscription terms, affirmative consent, and easy cancellation. California has been particularly aggressive in enforcement, with the AG's office pursuing cases against companies that make cancellation difficult.

New York

New York's consumer protection statutes prohibit deceptive business practices, and the AG's office has used this authority to target dark patterns in subscription services, e-commerce, and financial products.

Colorado, Illinois, and Others

Multiple states have enacted or are considering legislation specifically targeting dark patterns, with penalties ranging from per-violation fines to private rights of action allowing individual consumers to sue.

How to Audit Your Website for Dark Patterns

Step 1: Map Every User Flow

Document every path a user can take on your website, paying special attention to:

• Sign-up and subscription flows
• Checkout and payment processes
• Account management and cancellation
• Cookie consent and privacy opt-outs
• Email and notification preferences

Step 2: Check Each Flow Against the 10 Categories

For every flow, ask:

• Is the user making an informed, affirmative choice?
• Is the flow equally easy in both directions (subscribe/unsubscribe, opt-in/opt-out)?
• Are all costs disclosed upfront, before the user commits?
• Is the language clear and neutral, not manipulative or shaming?
• Does the visual design treat all options equally, or does it steer the user?

Step 3: Test with Real Users

Internal teams are often blind to their own dark patterns because they designed them. Have someone unfamiliar with your site attempt to:

• Sign up for and then cancel a subscription
• Complete a purchase and identify the total cost (including all fees) before the final confirmation
• Opt out of all marketing communications
• Delete their account

If any of these tasks are confusing, time-consuming, or frustrating, you likely have a dark pattern problem.

Step 4: Run an Automated Scan

Automated scanning tools can detect many common dark patterns -- deceptive button contrast, pre-checked checkboxes, fake urgency elements, hidden fees, and manipulative language. An automated scan gives you a baseline and catches issues that manual review might miss.

Step 5: Remediate and Document

Fix every issue you find. Document the changes. If you are ever investigated, a clear record showing that you identified dark patterns and proactively fixed them demonstrates good faith -- which can significantly reduce penalties.

The Cost of Ignoring This

The FTC's trajectory is clear: enforcement is accelerating, penalties are increasing, and the legal definition of what constitutes a dark pattern is expanding. The Click-to-Cancel Rule adds a specific, enforceable standard with per-violation penalties.

Companies that wait for an FTC complaint to address dark patterns face:

• Fines ranging from millions to hundreds of millions of dollars
• Mandatory consumer refunds that can exceed the fine itself
• Consent orders requiring years of FTC oversight
• Reputational damage from public enforcement actions
• Class action lawsuits that follow FTC investigations

The cost of an audit and remediation is a fraction of any of these outcomes.

Scan Your Website Today

PageAuditors' Dark Pattern Scanner automatically detects the 10 categories of dark patterns the FTC targets. It checks your sign-up flows, checkout processes, button design, language, and cancellation paths -- then explains every finding in plain English with specific guidance on how to fix it.

Your first scan is free. No credit card required.

Scan your website for dark patterns at PageAuditors