HomeScamsEverywhereGift-Card Scams
🎁 Scam Guide · 2026 · Everywhere

Gift-Card Scams: 3 Variants and the FTC's One-Sentence Rule

$217 million lost to gift-card scams in 2024 across 41,000+ reports (FTC). Gift cards are the second-most-reported fraud-payment method by older adults at 16% of loss reports. 3 documented variants — boss-impersonation BEC, government/utility/tech-support outbound demand, and in-store card-draining. Real Reddit victim stories, federal-source verified, and the FTC's one-sentence rule that defeats every variant.

Bernard Huang
By Bernard Huang
Editor, tabiji.ai
💬 Channels: Phone · Email · Retail in-store 📅 Updated April 2026 📑 3 variants documented ⭐ Reddit-sourced & FTC/FBI/AARP-verified
🎯 Target: Anyone — universal across age + income brackets 📈 2024 losses: $217M across 41K reports (FTC) 📉 Older-adult fraud-payment share: 16% (FTC)
📖 9 min read

📌 The 30-Second Version

U.S. consumers lost $217 million to gift-card scams in 2024 across 41,000+ reports (FTC), and gift cards rank as the second-most-reported fraud-payment method by older adults at 16% of loss reports — second only to credit cards at 26%. About one in four fraud-loss victims report it happened via gift card numbers. The FTC's one-sentence rule covers 99% of the variants on this page: "Anyone who tells you to pay with a gift card is a scammer." No legitimate business, employer, government, utility, hospital, or service ever requests payment via gift cards. The same gift-card rail also gets abused at the retail-shelf level — sticker-overlay tampering and blister-pack draining have surged enough that Maryland passed the nation's first state law against card-draining in 2024 and Target redesigned its gift cards the same year.

⚡ Quick Safety Rules

🪞 Is this a gift-card scam? — 30-second self-check

Run before buying gift cards in response to any request. Two or more "yes" answers and the answer is yes.

  1. Did someone — anyone — ask you to pay for something using gift cards (Apple, Target, Walmart, Amazon, Google Play, eBay, Visa/MC/Amex)?
  2. Is the request urgent — "I need them in the next hour," "the IRS will issue a warrant," "the office event is tonight"?
  3. Are you being asked to send the card numbers and PINs by photo, email, or chat — rather than handing physical cards over in person?
  4. Was the request unsolicited — not initiated by you contacting the agency, employer, or service through their official channel?

2+ yes: Gift-card scam. Stop. Do not buy the cards. Report at reportfraud.ftc.gov. → Skip to What to Do

Jump to a Variant

  1. High Boss-Impersonation BEC Gift-Card Request
  2. High Government / Utility / Tech-Support Outbound Demand
  3. High In-Store Card-Draining (Sticker Overlay + Blister Pack)

The Anatomy of $5,000 in Apple Gift Cards at the Cashier's Counter

The post is on r/retailhell, headlined "Customer bought $5,000 in gift card scam." The author was working a register at a big-box retailer when an older man walked up with a basket holding fifty $100 Apple gift cards. He kept his phone pressed to his ear the entire time, occasionally muttering "yes, I'm at the register now" to whoever was on the other end. The cashier had been trained to spot exactly this — the pile of high-denomination Apple cards, the active phone call, the customer's anxious affect — and tried gently to ask whether the cards were a gift for someone. The customer said no, they were "for the IRS."

The cashier called over a manager. The manager pulled the customer aside and explained, calmly, that the IRS does not accept payment via Apple gift cards. The customer protested — the agent on the phone had specifically said the cards were the only way to avoid an arrest warrant for unpaid back taxes. The manager held up a printed FTC notice posted next to the register: "Anyone who tells you to pay with a gift card is a scammer." The customer hung up the phone. The transaction stopped. The cards went back on the rack. The author of the r/retailhell post, with 989 upvotes, ended the thread with the line that captures the volume of this script: "This happens at our store maybe once a week. We catch most of them. But not all."

The thread is one of dozens running across r/retailhell, r/lossprevention, and r/Scams every week. The pattern underneath is the same — only the agency name (IRS, SSA, sheriff, "Microsoft support") and the dollar amount change. [r/retailhell · 989 upvotes]

What These Scams Actually Are

Gift-card scams are a category of payment-rail fraud where gift cards function either as the extraction vehicle (the scammer demands them as payment for a fake debt, fake job, fake emergency) or as the target itself (in-store tampering that redirects customer purchases to scammer-controlled accounts). Per the FTC's Consumer Sentinel Network 2024 Data Book, U.S. consumers lost "over $217 million in gift card scams in 2024, with over 41,000 gift or reload card-related scams reported." The FTC's older-adult fraud-payment data ranks gift cards as the second-most-reported payment method by loss reports — credit cards at 26%, gift cards at 16% — and notes that "about one in four people who report losing money to fraud say it happened when a scammer tricked them into giving the numbers on the back of a gift card."

Mechanically, the scripts share four phases:

  1. Pretext. The scammer establishes authority — boss, IRS agent, sheriff's deputy, utility-company representative, tech-support technician — and creates urgency around an action that requires payment. The pretext varies; the demand for gift cards as the payment rail is constant.
  2. Coaching to the store. The scammer keeps the victim on the phone (or on email/text) and walks them through which retailer to visit, which card brand to buy, and what dollar amount. The active phone call during the gift-card purchase is one of the diagnostic signals retail cashiers are trained to flag.
  3. Code transfer. The victim sends photos of the cards' backs (showing the redemption codes and PINs) or reads them aloud over the phone. Once the codes leave the victim's possession, the scammer redeems them within minutes via online resellers, peer-to-peer transfer to other gift cards, or direct purchases at the issuing brand.
  4. No recovery. Gift-card transactions have no chargeback rights, no recall mechanism, and no buyer protection. Once the codes are redeemed, the funds are gone. Recovery is occasionally possible if the victim reports to the issuer's fraud line within the first hour AND the cards have not yet been redeemed — but the window is narrow and the success rate falls sharply after 24 hours.

The third variant — in-store card-draining — runs on a different mechanism but ends in the same place. Thieves manipulate physical gift cards on retail display racks before legitimate buyers purchase them: placing fake barcode stickers over the real barcode (so the customer's payment loads onto a different card the scammer controls), opening blister packs with heat tools to record card numbers and resealing them, or NFC tap-to-clone skimming on contactless cards. Per TheStreet's coverage of FTC warnings, the methods include "fake barcode stickers that redirect your money to a criminal's card, packages resealed with heat tools after thieves record the numbers, and tap-to-clone NFC skimming, allowing funds to be stolen instantly." Maryland passed the nation's first state law against gift-card draining in 2024, and Target redesigned its physical gift cards the same year — store cards now have a blank space where codes used to be, with a cashier applying a security access label at checkout.

🔑 The single rule that defeats every variant — anyone who asks for gift cards is a scammer

The FTC's one-sentence rule is the entire defense: "Anyone who tells you to pay with a gift card is a scammer." No legitimate business, employer, government agency, utility company, hospital, court, or service ever requests payment via gift cards. The IRS does not. The Social Security Administration does not. Your boss does not. Your utility company does not. Apple, Microsoft, and Google tech support do not. The FBI, the Postal Inspection Service, and your local sheriff do not.

The rule extends to verification. If you receive a request you're unsure about — even from a known sender — verify through a separate channel. A boss-impersonation email becomes a face-to-face hallway conversation. An "IRS" call becomes a fresh call to 1-800-829-1040 from your own phone. A "tech support" pop-up becomes typing the company's URL into a fresh browser tab and using their published support contact. The two-second extra friction of verifying through a second channel catches every variant on this page — the scam infrastructure depends on the victim staying on the original channel and following the original instructions.

One payment rail, three pretext patterns. The variants below cover the three most-documented gift-card-scam intake types in the FTC's 2024 dataset.

The 3 Variants

Variant #1
Boss-Impersonation BEC Gift-Card Request
⚠️ High
💬 Channel: Email or text from a spoofed address impersonating the CEO, CFO, or direct manager. Asks the employee to buy gift cards for an "office event," "client thank-you," "team appreciation," or other plausible-sounding purpose. Reimbursement promised in the next pay period.

An employee receives an urgent "from the CEO" email or text asking them to buy gift cards for a company event. The address looks legitimate or is spoofed; the request is timed when the real executive is in meetings or traveling. The employee buys the cards, sends the codes, and the reimbursement never arrives. Per the FBI, this is a top BEC sub-variant; the FTC issued a January 2026 consumer alert titled "No, that's not your boss asking you to buy gift cards."

A different victim's story illustrates how the script lands when the employee is new and conflict-averse. The author of an r/Scams thread (315 upvotes) describes their first week at a new marketing firm. Mid-afternoon they received an email that appeared to be from the CEO, sent to the employee's personal email rather than work email "because I'm in back-to-back meetings and don't want to miss this." The CEO needed help with a client appreciation gift — could the employee buy ten $100 Amazon gift cards from the closest Walgreens, send photos of the codes, and submit for reimbursement when they got back to the office? The request was urgent because the CEO needed to send the cards within the hour. The employee, eager to make a good impression, drove to Walgreens and bought $1,000 in Amazon cards. They sent the photos. They never heard back. The real CEO had been in a leadership offsite all afternoon and had sent no such email; the message had used a lookalike domain (the real domain plus an extra character) that was easy to miss on a phone screen.

The FBI's Phoenix Field Office published a Tech Tuesday alert documenting the script's structural fit with broader Business Email Compromise patterns. The variant works because it exploits two reliable structural features of corporate communication: executives do occasionally make unusual requests by email or text, and employees are conditioned not to question those requests too aggressively. The scammer's research is light — the company name, the executive's name, the employee's name and contact info (often scraped from LinkedIn or a public team-page), and a plausible-sounding pretext. The send timing is calibrated to when the real executive is unreachable, so the employee can't immediately verify. The FTC's January 2026 alert puts the response simply: "No, that's not your boss asking you to buy gift cards." If the request feels off, it is.

What stops it is verification through a separate channel. If a boss-level email or text asks you to buy gift cards, do not respond to that channel. Verify through a different channel — a face-to-face hallway conversation, a phone call to a number you already have for the executive, a Slack DM you initiate yourself. Real executives welcome verification calls; scammers escalate the urgency to discourage them. If the verification confirms the request was legitimate (extremely rare), proceed normally. If the verification confirms it was fake (the common case), report to your IT or security team, file at reportfraud.ftc.gov, and forward the email or text headers to your security team for analysis. If you have already purchased and sent codes, call the issuer's fraud line on the number from the back of the cards within the first hour — recovery is possible only if the codes have not yet been redeemed.

Red Flags

  • Email or text from "the CEO" or "the CFO" sent to your personal email or phone rather than work channels
  • Sender's email domain is a lookalike (extra character, swapped letter) or "From:" name doesn't match the domain
  • Urgent timing — "I need this in the next hour," "I'm in meetings, can't talk"
  • Request specifies retailer (Amazon, Apple, Walmart) and dollar amount, asks for codes by photo or text
  • Reimbursement promised in next pay period or via expense report — pre-payment by employee is the diagnostic

How to Avoid

  • Never act on a gift-card request from any "executive" without verifying through a separate channel — face-to-face, phone call, Slack DM you initiate.
  • Real executives do not ask employees to pre-pay for company purchases via personal funds. Procurement, corporate cards, and AP exist for a reason.
  • Check the sender's email domain carefully. Lookalike domains (one character off) are a common BEC tell.
  • Forward suspicious emails to your IT/security team for forensic analysis BEFORE replying or buying anything.
  • If you've already purchased and sent codes: call the gift-card issuer's fraud line within the first hour (Apple 1-800-275-2273, Target 1-800-544-2943, Walmart 1-888-537-5503, Amazon 1-888-280-4331). Then file at reportfraud.ftc.gov.
"No, that's not your boss asking you to buy gift cards." FTC consumer alert, January 2026

The boss-impersonation variant runs in corporate inboxes. The next variant runs everywhere else — phone, email, text — under whatever government or service brand the scammer chooses to wear.

Variant #2
Government / Utility / Tech-Support Outbound Demand
⚠️ High
💬 Channel: Inbound phone call, robocall, or follow-up text. Caller claims to be IRS, SSA, sheriff, utility company, Microsoft/Apple/Norton support, or another authority. Demands payment in gift cards under threat of arrest, service shutoff, computer compromise, or benefit suspension.

A caller poses as a government agency, utility company, or tech-support service and demands urgent payment in gift cards to resolve a fabricated emergency — back taxes, jury-duty fine, utility shutoff, computer infection, suspended Social Security benefits. The victim is coached to a retailer, told which brand to buy, and walked through reading the codes back. No legitimate authority accepts gift cards. The FTC's one-sentence rule covers every script variant.

The variant is the universal extraction layer that sits on top of nearly every other elder-targeted phone scam in this corpus. The IRS-impersonation version (covered in detail on the Medicare & Elder-Targeted Scams page) demands gift cards as "back tax" payment. The jury-duty version demands them as a "court fine." The utility version demands them as an "emergency reconnection fee." The tech-support version demands them as an "antivirus subscription" or "refund overpayment." The Microsoft/Apple-support pop-up version demands them as a "diagnostic fee." Every variant terminates at the same retail counter: a victim with a stack of physical gift cards, a phone pressed to their ear, and a scammer on the other end coaching them through the code-transfer.

The retail-counter perspective is documented across r/retailhell, r/lossprevention, and r/Scams. The 989-upvote r/retailhell thread that opens this page is one example; the r/Scams thread "[US] How does this gift card scam work? Did the cashier scam me?" (259 upvotes) is another, focused on a victim trying to understand after the fact why the cashier seemed concerned. The volume is high enough that most major U.S. retailers — Target, Walmart, Best Buy, CVS, Walgreens — have implemented cashier-training programs that prompt staff to ask scripted questions when a customer presents a large stack of high-denomination gift cards. The questions ("Is this a gift?" "Who asked you to buy these?") are designed to break the scammer's script by introducing a friendly third party. When the cashier intervention works — as in the r/retailhell hook story — the customer leaves the store with their money intact. When it fails, the cards leave with the codes already photographed and sent.

If a stranger on the phone tells you to pay any agency or service via gift cards, hang up. The IRS does not accept gift cards. The Social Security Administration does not. Sheriffs, courts, utility companies, tech-support services, and your bank do not. Verify any "agency" call by hanging up and calling the agency's published main number from their official website — never the number that called you, never a number provided by the caller. Real agencies welcome callbacks and provide caller ID + case-number verification. If you have already purchased and sent gift cards, call the issuer's fraud line (Apple 1-800-275-2273, Target 1-800-544-2943, Walmart 1-888-537-5503, Amazon 1-888-280-4331) within the first hour — recovery is possible only if the codes have not been redeemed. Then file at reportfraud.ftc.gov, at ic3.gov for losses over $1,000, and at your state attorney general's consumer-protection unit.

Red Flags

  • Inbound phone call, robocall, or text claiming to be from any agency or service demanding payment in gift cards
  • Time pressure — "warrant in 2 hours," "service cuts at 5pm," "computer locked until paid"
  • Caller stays on the phone with you while you drive to the store and buy the cards
  • Caller asks you to read the codes aloud, photograph them, or send them by text/email
  • Caller specifies retailer and brand — Apple cards from Walgreens, Target cards from CVS — to maximize redemption speed

How to Avoid

  • Hang up. No agency, utility, hospital, court, or tech-support service accepts gift-card payment. The request itself is the diagnostic.
  • If unsure, hang up and verify by calling the agency's published main number from their official website. Never use a number provided by the caller.
  • If a cashier or store manager asks whether your gift-card purchase is for the IRS / a phone-call request, listen to them. They have seen this script before and they may save you from completing it.
  • For elderly relatives at higher risk, set up phone-side defenses: enable carrier robocall blocking, install a contact-list-only phone (Raz Memory Cell Phone or equivalent), and post the FTC's one-sentence rule next to their phone.
  • If you've already purchased and sent codes: issuer fraud line within the first hour, then reportfraud.ftc.gov, then ic3.gov.
"Anyone who tells you to pay with a gift card is a scammer." FTC Consumer Advice on Gift Card Scams

The first two variants attack the victim through pretext. The third variant attacks the gift card itself — before any victim has even bought it.

Variant #3
In-Store Card-Draining (Sticker Overlay + Blister Pack)
⚠️ High
💬 Channel: Physical retail aisle. Thieves remove gift cards from store display racks, manipulate them (sticker overlay, blister-pack heat-reseal, NFC skim), and place them back. Legitimate buyers later purchase the tampered cards; the scammer drains the value once the card is activated at checkout.

Thieves tamper with physical gift cards on retail display racks before legitimate buyers purchase them. Methods include barcode-sticker overlay (your payment loads onto the scammer's card), blister-pack heat-reseal (scammer recorded the numbers; drains the moment you activate at checkout), and NFC tap-to-clone skimming. Maryland passed the first state law against this in 2024; Target redesigned its gift cards with blank codes and cashier-applied security labels.

The mechanism was explained at scale by an r/explainlikeimfive thread (1,007 upvotes) titled "ELI5: How do scammers extract money from the gift cards they get?" The top community answer walked through the ecosystem: scammers operate gift-card resale markets where cards with confirmed balances trade for 70-85 cents on the dollar, scammers run automated balance-checking bots that hammer issuer APIs to detect when a tampered card has been activated, and scammers maintain bulk-redemption infrastructure that converts cards to cryptocurrency, online merchandise, or other gift cards within minutes of activation. The card-draining variant fits into this ecosystem at the "supply" end: the thief in the retail aisle isn't the same person who eventually drains the balance; they sell the card numbers (or the access to the cards) into a wholesale market that handles the redemption. The vertical integration is what makes the scheme economical at scale.

Per TheStreet's coverage of FTC and BBB warnings: "Thieves are using several methods, including fake barcode stickers that redirect your money to a criminal's card, packages resealed with heat tools after thieves record the numbers, and tap-to-clone NFC skimming, allowing funds to be stolen instantly." The retailer-side response has been substantial. Target announced a redesigned gift card in 2024 with a blank space where codes used to be — a cashier applies a security access label at checkout, which simultaneously activates the card and applies tamper-evident seal over the code. Walmart, CVS, and Walgreens have rolled out similar measures. Maryland's Gift Card Scams Prevention Act of 2024 — the nation's first state law against card-draining — requires retailers to take similar precautions. Other states have draft legislation in committee.

For a buyer, what works is upstream of the rack. Don't buy gift cards from the front of a store display rack — those have been there longest and have the most opportunity for tampering. Buy from the back of the rack, ask a cashier to retrieve cards from behind the counter, or — best — buy digital gift cards via the retailer's official app or website. Run your finger over the back of any physical card to feel for stickers placed over the barcode or PIN; any tactile bump is a red flag. Check the packaging for resealing signs (heat-shrunk plastic, glue residue, unusual creases). At retailers with secure-cashier programs (Target's blank-code redesign, several state-level requirements), ask the cashier to apply the security label at checkout. Verify the card balance via the retailer's official app or website immediately after activation. If the balance shows zero or partial when you've just bought the card, you've bought a drained card — return immediately to the store with the receipt and call the issuer's fraud line.

Red Flags

  • Gift card displayed at the front of the rack — most exposed to in-aisle tampering time
  • Tactile bump on the back of the card when you run a finger over the barcode or PIN area (sticker overlay)
  • Blister-pack packaging with heat-shrunk creases, glue residue, or unusual edges
  • Card balance shows zero or partial when you check via the issuer's app immediately after activation
  • Card from a retailer that has NOT implemented blank-code + cashier-applied security labels (still vulnerable to overlay fraud)

How to Avoid

  • Buy gift cards from the back of the rack or from behind the cashier counter — never from the front of the display.
  • Run your finger over the back of every physical card before purchase. Any tactile bump is a red flag.
  • Prefer digital gift cards delivered via the retailer's official app or website over physical cards when possible.
  • At Target, ask the cashier to apply the security label at checkout (the redesigned cards have a blank space where codes used to be). Walmart, CVS, and Walgreens have similar programs.
  • Verify the card balance via the retailer's official app or website immediately after activation. Drained cards show zero balance immediately; return to the store with the receipt within 24 hours and call the issuer's fraud line (Apple 1-800-275-2273, Target 1-800-544-2943, etc.).
"All Target GiftCards sold in stores now have a blank space where codes used to be. At checkout, a team member will apply a security access label to the gift card, reducing the potential for fraud." Target via AARP, 2024 gift-card redesign announcement

The Numbers (and Where They Come From)

Every figure below is from a primary source with the verbatim quote on file in our research log.

$217M
FTC 2024 total gift-card-scam losses across 41,000+ reports. The official figure undercounts the real total because most victims do not report. Gift cards remain a top-tier fraud-payment method across all categories.
Source: FTC Consumer Sentinel 2024 Data Book · ✓ verified
16%
Share of older-adult fraud-loss reports where gift cards were the payment method, per FTC 2024 data. Second only to credit cards (26%) and ahead of bank transfers and cryptocurrency.
Source: FTC older-adult fraud data · ✓ verified
~25%
Share of all FTC fraud-loss reports where the payment was via gift card numbers. Roughly one in four fraud victims report the loss happened when a scammer tricked them into giving the numbers on the back of a card.
Source: FTC gift-card data spotlight · ✓ verified
2024
Year Maryland passed the first state law against gift-card draining (Gift Card Scams Prevention Act of 2024) and Target redesigned its physical gift cards with blank codes + cashier-applied security labels. Other state legislation is pending.
Source: ProPublica investigation · ✓ verified

One additional fact worth knowing: per the FTC's 2024 Consumer Sentinel data, gift cards are the top demanded payment method by fraudsters across the broader scam ecosystem — used in tech-support scams, IRS-impersonation scams, sheriff-impersonation scams, utility-shutoff scams, romance scams, and grandparent-emergency scams. The volume is high enough that most major U.S. retailers now run cashier-training programs that prompt staff to intervene when a customer presents a large stack of high-denomination cards while on a phone call. The scripted intervention saves an estimated millions of dollars per year in losses that would otherwise have completed at the register.

📌 Why gift cards keep working as a scam rail (and why it's structurally hard to fix)

Three structural factors make gift cards the persistent top-tier scam-payment method. First: gift cards are cash-equivalent and irreversible by design. Once a scammer has the code and PIN, the value is theirs to spend, transfer, or resell — there is no chargeback, no recall, and no buyer protection equivalent to a credit card or PayPal. Second: gift cards are universally available with no friction. Every grocery store, drugstore, gas station, and big-box retailer in the U.S. sells them in $25-$500 denominations, with no ID requirement and minimal cashier scrutiny. The frictionless availability is good for legitimate buyers (gift-giving is the legitimate use case) and equally good for scam coaching. Third: gift-card resale markets are mature and global. A scammer who acquires $5,000 in Apple cards can convert to crypto within an hour through any of dozens of resale platforms operating from non-cooperating jurisdictions.

Two interventions have moved the needle. First: cashier training at major retailers, which catches a meaningful share of in-store scam transactions before they complete. Second: card-design changes (Target's blank-code redesign, similar moves at other major retailers) which make sticker-overlay and blister-pack tampering harder. Maryland's 2024 state law adds a third: legal accountability for retailers who don't implement reasonable anti-tampering measures. Other states have draft legislation in committee.

The structural fix that would meaningfully reduce gift-card scam losses is harder: eliminating the no-ID-required cash-out path. As long as a scammer with $5,000 in card numbers can convert to laundered value within an hour, the demand-side incentive remains. Retailers and issuers have explored ID-required activation for high-value cards, but the friction conflicts with legitimate gift-giving use cases. The user-side defense (the FTC's one-sentence rule) remains the intervention that scales because it works regardless of which retailer's cards the scammer is asking for.

Recovery Reality (and Why the First Hour Matters)

Recovery from gift-card-scam losses is rare but possible — and depends almost entirely on how fast the victim acts. Three time horizons matter.

Within the first hour: the highest-probability recovery window. Call the issuer's fraud line on the number from the back of the card (Apple 1-800-275-2273, Target 1-800-544-2943, Walmart 1-888-537-5503, Amazon 1-888-280-4331, Best Buy 1-888-237-8289, eBay/Visa/Mastercard via their websites — full list at ftc.gov/giftcards). Report the cards as stolen; if the codes have not yet been redeemed, the issuer can sometimes freeze the cards and refund the value. The issuer's fraud-team intervention works because most scam redemptions happen 30-90 minutes after the codes are received — fast enough to drain the value at scale, slow enough that victims who report immediately can still beat the redemption.

Within 24 hours: reduced but non-zero recovery. Some issuers will still investigate cards reported within 24 hours and may refund partial value if the redemption pattern matches known fraud signatures. The success rate is meaningfully lower than the first-hour window but still worth the call.

After 24 hours: recovery is essentially zero. The cards have been redeemed, the value has converted through wholesale resale infrastructure, and the funds are gone. At this point the response shifts from recovery to documentation: file at reportfraud.ftc.gov for federal data tracking, file at ic3.gov for losses over $1,000, file at your state attorney general's consumer-protection unit, and document the script for law enforcement use. Reporting feeds enforcement priorities even when individual recovery is impossible. Do NOT pay any third party who DMs you offering "gift card recovery services" — that is the recovery-scam parasite layer (see Recovery Scams).

🆘 What to Do If You've Been Gift-Card-Scammed

📞 Issuer Fraud Line — Within First Hour

Call the issuer immediately. Apple 1-800-275-2273, Target 1-800-544-2943, Walmart 1-888-537-5503, Amazon 1-888-280-4331, Best Buy 1-888-237-8289. Full list at ftc.gov/giftcards. Report the cards as stolen — the issuer can sometimes freeze unredeemed cards and refund the value.

📋 FTC Report — Same Day

File at reportfraud.ftc.gov for federal data tracking. The FTC uses gift-card-scam reports to feed retailer cooperation programs and to identify large-volume operators.

🏛 IC3 — If Loss Over $1,000

For losses over $1,000, also file at ic3.gov. The FBI's Financial Fraud Kill Chain has limited recovery capacity for gift-card scams (the rail does not have wire-recall mechanisms) but the report still feeds enforcement priorities.

⚖️ State AG Consumer Protection

Search "[your state] attorney general consumer protection." State AGs increasingly bring civil actions against gift-card resale operators (Maryland's 2024 law was the first; other states are active). State-level filings build the case for action.

🛡 Workplace Reporting (BEC)

If the scam was a boss-impersonation request, forward the original email or text to your IT/security team for forensic analysis. Do not delete the message. Many corporate security teams maintain BEC databases that track lookalike domains and recurring scammer infrastructure.

💬 Ignore Recovery DMs

Within hours of any public victim post, recovery-scam DMs will arrive promising to recover your money for an upfront fee. Block all of them. The legitimate recovery channels are above; recovery scammers are the parasite layer.

📖 Coming Soon · tabiji.ai General Scams
If you're caring for a parent who keeps getting calls demanding gift cards, the full book covers 30+ scams across phone, text, online, and in-person channels — same federal-source-verified research as this guide.
$4.99 on Kindle when it ships · Notify me →
See current titles →

If You're Reporting Outside the United States

Gift-card scams are global. The same scripts run against UK, Canadian, Australian, and EU victims with locally-issued gift cards (Apple, Amazon, regional retailer brands).

Frequently Asked Questions

A gift-card scam is any fraud that uses gift cards as the payment rail — either to extract value from a victim (the scammer demands gift cards as payment for a fake debt, fake job, or fake emergency) or to manipulate the gift cards themselves (sticker-overlay barcode swaps, blister-pack tampering, NFC tap-to-clone). Per the FTC's 2024 Consumer Sentinel data, U.S. consumers lost $217 million to gift-card scams across 41,000+ reports in 2024, with gift cards ranking as the second-most-reported fraud-payment method by older adults at 16% of loss reports. The FTC's one-sentence guidance: "Anyone who tells you to pay with a gift card is a scammer."
Three reasons. First, gift-card numbers are as good as cash — once a scammer has the card number and PIN, they can immediately resell or redeem the value online without identity verification. Second, gift-card transactions are non-reversible by the victim — there is no equivalent to a credit-card chargeback or wire-recall. Third, gift cards are widely available at every grocery store, drugstore, and gas station in the U.S., so victims can be coached to buy them on a phone call without raising bank-account-level fraud flags. The combination makes gift cards the FTC-documented top payment method demanded by fraudsters across all categories.
The FTC's one-sentence rule: "Anyone who tells you to pay with a gift card is a scammer." No legitimate business, employer, government agency, utility, hospital, court, or service ever requests payment via gift cards. The IRS does not. The Social Security Administration does not. Your boss does not. Your utility company does not. Apple/Google/Microsoft tech support does not. The Postal Inspection Service does not. Any inbound request — by phone, email, text, or in-person — to pay something via gift cards is the diagnostic. Hang up, delete the email, exit the chat. The same rule covers 99% of the variants on this page.
Gift-card draining is in-store tampering where thieves manipulate gift cards on retail display racks before legitimate buyers purchase them. Methods include placing fake barcode stickers over the real barcode (so the customer's payment loads onto a different card the scammer controls), opening blister packs and resealing them with heat tools after recording the card numbers (so the scammer drains the value the moment the customer activates the card at checkout), and NFC tap-to-clone skimming on contactless-enabled cards. Maryland passed the nation's first state law against gift-card draining in 2024, and Target redesigned its gift cards the same year — store cards now have a blank space where codes used to be, and a cashier applies a security access label at checkout. Always check the back of a gift card for sticker tampering before buying.
An employee receives an urgent email or text — often from a spoofed address impersonating the CEO, CFO, or direct manager — asking them to buy gift cards for a "company event," "office surprise," "client thank-you," or other plausible-sounding purpose. The message asks the employee to reply with the gift-card numbers and PINs once purchased, with reimbursement promised in the next pay period. The reimbursement never happens; the cards are drained within minutes of the codes being shared. Per the FBI, gift-card requests are now a common Business Email Compromise (BEC) sub-variant. The FTC issued a January 2026 consumer alert headlined "No, that's not your boss asking you to buy gift cards." Verify any unusual gift-card request through a separate communication channel — a face-to-face conversation, a phone call to a number you already have for the executive — before purchasing anything.
Recovery rates are low but not zero — and speed matters more than completeness. The FTC operates a dedicated reporting page at ftc.gov/giftcards that lists each major retailer's fraud-reporting hotline (Apple, Target, Walmart, Amazon, Best Buy, eBay, Google Play, Visa, Mastercard, American Express). Call the issuer immediately and report the cards as stolen — if the cards have not yet been redeemed, the issuer can sometimes freeze them and refund the value. Most successful refunds happen within hours of purchase; recovery drops sharply after 24 hours. Also file at reportfraud.ftc.gov and at ic3.gov for losses over $1,000. Do not pay any third party who DMs you offering "gift card recovery services" — that is a recovery scam (see /scams/everywhere/recovery-scams/).
Five rules. First: do not buy gift cards from the front of a store display rack — those are the cards thieves have already had time to tamper with. Buy from the back of the rack or ask a cashier to retrieve cards from behind the counter. Second: run your finger over the back of the card to feel for stickers placed over the barcode or PIN. Any tactile bump is a red flag. Third: check the packaging for signs of resealing — heat-shrunk plastic, glue residue, or unusual creases. Fourth: prefer digital gift cards delivered via the retailer's official app or website over physical cards when possible. Fifth: at retailers that have implemented secure-cashier programs (Target's blank-code redesign, several state-level requirements), ask the cashier to apply the security label at checkout. Verify the card balance via the retailer's official app or website immediately after purchase.
Report to the issuer first, then to federal agencies. Issuer-specific fraud lines (each at the bottom of the back of the gift card, or via the brand's website): Apple/iTunes 1-800-275-2273, Target 1-800-544-2943, Walmart 1-888-537-5503, Amazon 1-888-280-4331, Best Buy 1-888-237-8289, eBay/Mastercard/Visa via their websites. The FTC maintains a one-page reference at ftc.gov/giftcards that lists every major issuer's fraud reporting channel. Then file at reportfraud.ftc.gov for federal data tracking, at ic3.gov for losses over $1,000 (FBI), and at your state attorney general's consumer-protection unit. Reporting feeds federal enforcement priorities and may flag the scammer's account for cross-issuer investigation.

📚 Source Threads (Reddit, 2024–2026)

The cashier-perspective canonical

"Customer bought $5,000 in gift card scam" — r/retailhell, 989 upvotes. The retail-counter perspective on the IRS-impersonation script, including the cashier-intervention pattern that catches some victims mid-purchase.

The mechanism explainer

"ELI5: How do scammers extract money from the gift cards they get?" — r/explainlikeimfive, 1,007 upvotes. Top community answer walks through the redemption ecosystem.

The boss-impersonation victim

"Gift card scam - I feel SO DUMB" — r/Scams, 315 upvotes. New employee falls for spoofed-CEO email asking for $1,000 in Amazon cards.

The card-draining victim

"I am a gift card draining victim 😭" — r/Scams, 75 upvotes. Documents the sticker-overlay variant after the customer noticed the balance was zero immediately after activation.

FTC consumer alert

FTC Consumer Advice on Gift Card Scams — primary federal source. Includes the one-sentence rule and issuer-specific fraud-line directory at ftc.gov/giftcards.

FTC boss-impersonation alert

"No, that's not your boss asking you to buy gift cards" — primary federal source on the BEC sub-variant.

Related Reading

Gift-card scams overlap with several other scam mechanisms documented on tabiji. Internal: the Everywhere hub; Medicare & Elder-Targeted Scams (gift cards are the dominant payment rail for IRS-impersonation, sheriff-impersonation, and utility-shutoff variants); Tech-Support Scams (the Geek Squad / Norton refund-overpayment variant ends at gift-card extraction); Recovery Scams (gift-card victims who post publicly become recovery-scam targets within hours); Fake Job Offers (the boss-impersonation BEC variant uses the same script as the gift-card BEC); Marketplace Scams (some sellers are tricked into accepting gift cards as payment for items). External authorities: the FTC Consumer Advice on Gift Card Scams; ftc.gov/giftcards (issuer fraud-line directory); AARP Fraud Watch on gift-card scams; ProPublica investigation on the Maryland Gift Card Scams Prevention Act.

This page is consumer education, not legal or financial advice. The scams documented here are real and the defenses are drawn from patterns across 4,045+ Reddit posts and comments (276 threads, 3,769 comments) plus the federal-agency, NGO, and industry sources cited inline, but every situation is different. If you have lost money to gift-card fraud, call the issuer's fraud line first, then file at reportfraud.ftc.gov and ic3.gov, and consult a licensed attorney through your state bar's lawyer-referral service before paying anyone for "recovery" services. Reddit thread upvote counts are reported as of April 2026 and may have changed since publication. Last updated: April 30, 2026. Next scheduled refresh: July 30, 2026.