My assumption is that Apple exposes an API or page that can validate a gift card. If someone physically sees that card at Target and is then able to poll Apple with the number, that could go a long way towards enabling a scam. All the scammer needs is some automated mechanism to test whether a card has been activated.

Could be as simple as a balance checking service that either gives a dollar amount or an error code indicating the card isn't active.