Alex powers up his home computer to check his personal online banking. Upon entering the URL www.banking.com, the website appears, but it requests him to re-enter his credentials, behaving as if it's his first visit. Upon closer inspection of the website URL, Alex notices that the site lacks security indicators, and the web address looks altered. What type of attack is Alex experiencing?