Warning: T-shirt and Merchandise Scams are Targeting Veterinary Clinic Pages

Here’s how to keep your clinic and clients safe.

Heads up: We have seen a sharp rise in social media scams targeting veterinary clinic Facebook pages. If your team manages your clinic’s social accounts, please share this with them right away.

A wave of scams is making the rounds on veterinary clinic Facebook pages, and we want to make sure your team knows exactly what to look for and how to respond. These fraudsters are clever, opportunistic, and unfortunately pretty convincing at first glance. Here is what is happening and how to protect your practice.

How the scam works

Scammers look for posts on your Facebook page that have received a lot of likes and comments, such as a heartwarming patient story, a seasonal promotion, or a milestone announcement. These posts have a built-in audience, which is exactly what the scammer is looking for.

Once they find a high-engagement post, they leave a comment on it advertising branded merchandise, usually t-shirts, and include a link to purchase. To make the comment look more credible, they will often tag several of the people who liked or commented on the original post, essentially sending a personalized notification to potential victims.

These accounts are almost never new fake profiles. More commonly, scammers have hijacked a real person’s Facebook account, giving their activity an air of legitimacy. The comment may appear to come from someone who looks like a real community member or even a familiar face.

Why this matters for your reputation: If a client sees the comment, clicks the link, and makes a purchase, they may blame your clinic when the merchandise never arrives or their payment information is compromised. Even though your practice is the victim too, the association can damage trust.

What to do if it happens to your page

Act quickly. The sooner the comment is removed, the less exposure your clients have to it. Here are the steps to take:

1. Remove the scam comment immediately from your post.
2. Report the account to Facebook by clicking the three dots on the comment or profile and selecting “Report.” Choose the option that most closely matches the situation (spam, impersonation, or scam – I usually opt for SCAM).
3. Block the account so they cannot interact with your page again.
4. Consider leaving a brief, calm reply on the original post to let your followers know that a scam comment appeared and has been removed, and that it was in no way affiliated with your clinic. This heads off any confusion and shows your community you are watching out for them. (ex: Friendly heads up—an unauthorized scam comment advertising tshirts and other merchandise appeared here earlier and has been removed. It was not associated with our clinic. Thanks for helping us keep this space safe for our community!”)
5. Warn your team. If other staff members have admin access to your page, let them know what happened so they can be on the lookout too.

Get ahead of it: Set up keyword filters in Meta Business Suite

One of the most effective ways to prevent these comments from ever going live is to set up a keyword blocklist through Meta Business Suite. When a comment contains a blocked word, Meta will automatically hide it from your page before anyone sees it.

Here is how to do it:

1. Go to Meta Business Suite(business.facebook.com) and select your clinic’s page.
2. In the left-hand menu, click Settings.
3. Select Privacy, then look for Page moderation or Profanity filter settings (the exact label may vary slightly depending on your view).
4. Find the Keyword blocks field. Type in words you want to block, separated by commas, then save.

Suggested keywords to block: Consider adding words like tshirt, t-shirt, reserve, order, limited edition, link in bio, DM us, and shop now. Use your own judgment, as you know your page best. Be thoughtful about which terms might create false positives.

Additional steps to protect your page

• Review your page admins regularly. Make sure only trusted, current staff members have admin or editor access to your Facebook page. Remove anyone who has left the practice. Immediately remove anyone who has lost access to their page or has been compromised by a scammer.
• Turn on two-factor authentication for all accounts that have access to your page. This is one of the best defenses against account takeovers.
• Check your page’s comment activity periodically, especially on older posts that got a lot of engagement. Scammers often target posts that are weeks or months old because clinic staff may not be monitoring them as closely.
• Educate your team. Anyone who manages your social media should know what these comments look like. The faster someone spots and removes a scam comment, the better.
• Never click links in suspicious comments, even to investigate. If something looks off, report and remove without engaging with the link.

---

Questions or concerns about social media security for your practice? Connect with Laura! [email protected]