
Quick answer: recovery is not guaranteed, but speed and evidence improve your options. Stop contact with the scammer, do not send more money, contact the gift card issuer and original retailer immediately, secure the email and accounts that exposed the code, notify the bank or platform, and file a report with the Nigerian Police cybercrime portal.
First 15 minutes: contain the incident
- Do not delete or edit the chat.
- Stop sending codes, fees, identity documents, or payment screenshots.
- Secure the email, retailer, social, and trading accounts involved.
- Revoke unknown sessions and change reused passwords from a clean device.
- Contact the issuer through its official support page and say the code was exposed in a suspected scam.
Build one evidence package
-
Original card and receipt
Why it matters: Connects the code to purchase and activation
How to preserve it: Keep originals; photograph privately without publishing the code
-
Chat and account identity
Why it matters: Shows representations, urgency, numbers, and usernames
How to preserve it: Export chats and capture account URLs plus profile details
-
Timeline
Why it matters: Narrows when the code left your control
How to preserve it: Use exact dates, times, time zone, and order IDs
-
Bank or wallet records
Why it matters: Shows related transfers and beneficiaries
How to preserve it: Download statements or transaction receipts from your account
-
Issuer/platform tickets
Why it matters: Shows prompt notice and official findings
How to preserve it: Save ticket numbers, emails, and full responses

Contact the issuer and retailer
The issuer controls redemption status. The retailer may control purchase, activation, and refund eligibility. Give them the purchase evidence, serial details, exact exposure time, and first error. Ask whether the code can be frozen, replaced, or traced under their policy. Do not claim a remedy is guaranteed.
The FTC advises contacting the gift card company immediately and asking for money back, even though results vary. Steam tells victims to keep the cards and receipt and report to local police after giving codes to a scammer. Apple and Google publish separate official support routes for their products.
Notify the trading platform
If the loss happened during an app order, give the order ID, submission time, exact status, and evidence of the first exposure. Ask the platform to preserve logs and restrict the transaction while it investigates. Do not submit the same code to another platform. If an employee impersonator contacted you, include the unofficial number and the real support ticket.
Use the issuer-specific route
For Apple, use Apple’s gift card support and prepare the serial, receipt, and full card images. For Google Play, use the official redemption-error or review form linked in Google Help. For Steam Wallet, keep the card and matching receipt and open Steam Support. An issuer may be unable to return redeemed value, but it is still the authoritative source for status and available remedies.
Do not contaminate the evidence
Keep original files read-only where possible and work from copies. Note your local time zone, because platform and issuer logs may use another zone. If a phone number, username, or bank beneficiary changes during the scam, record each version rather than replacing the old one in your notes.
Notify the bank or payment provider
When Naira also moved, contact the bank immediately using its official fraud channel. Provide the transaction reference and beneficiary. Ask what recall, restriction, or investigation options apply. Never rely on the scammer’s bank contact or share your PIN and OTP.
Report cybercrime in Nigeria
The NPF National Cybercrime Centre portal accepts structured reports with evidence such as screenshots and bank records. File facts, not exaggerated conclusions. Include the card brand and amount, purchase record, suspect account details, code-exposure time, payment references, and steps already taken. Keep the report reference.
Where a consumer-facing business failed to address a documented service complaint, FCCPC also provides a complaint route. The appropriate body depends on the facts and jurisdiction.
What not to do
- Do not publish the full code to prove the scam.
- Do not threaten or impersonate police to force repayment.
- Do not pay an online investigator without independently verifying credentials and scope.
- Do not edit receipts, timestamps, or screenshots.
- Do not assume a recovery promise from issuer, bank, police, or platform is certain.