Let's take a more obvious case: Suppose you're running a Bitcoin exchange, and people are dumb enough to sign up for an account on it and give you their banking details. You have a copy of their id, their checking account number, their social security number, etc.
The person puts an order for $100,000 in Dogecoin on the exchange, and you'd like more information before you process it in case its fraudulent. So you call up their bank and pretend to be them, using all the information they've given you to bypass their security questions. Then you ask the representative to have a year's worth of statements sent to you via email. Bank of America will mail them to you for free.
This seems like it should be fraud, even though they didn't steal any money.
There's a couple differences:
* They used a email to trick the target rather than the telephone. Telephone has a history of regulations associated with it.
* They're tricking your employer rather than your bank. Regulations surrounding banks are tighter, so this might only be fraud if it deals with a bank.
* They may have used fewer documents when authenticating themselves. For example, they probably don't have your government id, so they likely only sent publicly available information when identifying themselves.
* They may have used an automated system to send the email rather than having someone manually craft it. I don't think this matters, except to make it a little harder to establish intent.
* They're not using this to gain new information, but rather to validate information already given. So no theft of company secrets, unless they ask for more details in the email.
* AngelList is based in California, so depending on where OP or his previous employer were, it might not cross state lines and so could be immune to federal law.
* It's unclear to me what exactly the contents of these emails are. Are they basically like LinkedIn spam, clearly identifiable as such? Or is someone crafting emails by hand and pretending to have a conversation with the manager to get details about the project? Imagine saying you worked at Valve on a secret game, so they called up your manager pretending to be you and ended up getting the release date for Half Life 3. That's fraud.
* It's unclear how they pretended to be the OP. Did they just forge the from: header on the email? Did they log into his gmail account and send an email authenticated from Google's servers? The latter would escalate the crime.
To answer your question, I was mainly thinking identity theft and that they'd fine the AngelList LLC. Exactly which of these differences matters I'm unsure about.
I don't think anyone would seriously care too much about it even if it were illegal though. The worst that would happen would be them being told to stop if enough people complained. It'd be worse if they were doing it to investors.
