You attempt to purchase something, but somewhere in the purchasing journey the site sneaks an additional item into your basket, often through the use of an opt-out radio button or checkbox on a prior page.
godaddy.com provides a perfect example of this dark pattern. On their site you can search for a domain name to buy, as shown below:
Let's imagine you pick the "get 3 and save 69%" bundle, priced at $17.00. The next page (below) automatically adds privacy protection to your basket, priced at $7.99. What's not clearly explained here is that because you're buying four domains, it's actually quadruple the price shown (4 x $7.99 = $31.96).
When you arrive on the cart page below, you'll find the price has somehow inflated to $154.31. This is a far cry from the $17.00 indicated on the first page. A number of things have been sneaked into the basket - 2 years of domain registration for all four domains (instead of one year, as indicated on the pricing on the first page), and the privacy protection. To add to this, the actual pricing of each item was misleading on the first page.