In Mia Ash's case, her identity had been meticulously constructed over more than a year by an international hacking gang
One can understand how he fell for her. Dark-eyed and alluring, with glossy hair worn in a sexy, tousled style, Mia Ash was 30 years old, a well-educated, successful photographer based in London, independent-minded and looking for love.
The middle-aged executive she approached online was captivated.
He, too, had an interest in photography and they fell into regular conversation via social media, first exchanging views on her portfolio of work, then broadening it to his job, their hobbies, travel experiences and their hopes for the future.
Before long, their chats were highly flirtatious, bordering on intimate.
And if the executive had any suspicions about Mia, they would soon have been allayed by her extensive profile on Facebook, where she had more than 500 'friends', plus hundreds more on LinkedIn, the business social networking site she'd used to contact him, and numerous posts on Instagram.
Mia was clearly a well-connected, sophisticated woman — a friend of several well-known photographers — who had set up her own business in 2014 and was going places.
If he'd wanted to know more, he could have discovered she came from Great Wyrley in Staffordshire and had attended the Royal Academy of Arts, where she obtained a BA in fine art, followed by Goldsmiths, University of London, where she studied for an MA.
She had started her career as an assistant at the trendy Clapham Picturehouse in south-west London, before staff jobs at various photographic studios.
She was into indie music and conservation issues and her relationship status was 'It's complicated', a social media phrase that signals availability.
So all in all it was a potential match made, if not in heaven, then in cyberspace.
But sadly there was one big problem: Mia Ash didn't exist.
Instead, she is the incarnation of a modern honey trap.
Using beautiful women to lever secrets from vain, sexually adventurous men is the oldest trick in the espionage book. Now, though, honey-trappers stalk the internet, trawling for gullible males with powerful information to steal.
A photograph chosen to represent her, as well as numerous selfies, were lifted from the social media accounts of an innocent Romanian student and blogger. Before Ms Ash 'disappeared' from the internet in February, she is reported to have lured senior figures in sensitive industries in the U.S., Israel, India and Saudi Arabia into revealing confidential data that would be dynamite for a rival nation such as Iran — the chief suspect in this case
And the femmes fatales? They are fake, existing only in pixels.
Ms Ash's identity had been meticulously constructed over more than a year by an international hacking gang. A photograph chosen to represent her, as well as numerous selfies, were lifted from the social media accounts of an innocent Romanian student and blogger.
Ms Ash's starry CV and status updates were carefully crafted to mimic those of genuine creative professionals on LinkedIn.
Before Ms Ash 'disappeared' from the internet in February, she is reported to have lured senior figures in sensitive industries in the U.S., Israel, India and Saudi Arabia into revealing confidential data that would be dynamite for a rival nation such as Iran — the chief suspect in this case.
It wasn't intelligence agencies who caught her out, though. It was a computer.
Ms Ash had been getting on so well with her latest conquest — an executive in the Middle East — she had asked for a little favour.
It sounded so innocent: she needed to collate feedback for a photography survey. Would he mind completing an Excel program spreadsheet she'd send to him as an email attachment? He'd have to do this on his office computer, otherwise the technology might play up, she said.
In truth, of course, the reason was so she could get access to his company's IT system. Gulled by a month of internet footsie-playing, Ms Ash's latest conquest did just as instructed.
But the email attachment her controllers sent was a 'Trojan horse' which smuggled spyware or malware into the company's main system. There, the program, called PupyRAT, was poised to steal corporate and strategic plans.