A cybersecurity team at a manufacturing company noticed suspicious activities during routine monitoring. Several employees reported receiving reset password links that appeared legitimate but led to credential theft. Further investigation revealed that someone had configured a rogue access point with the same SSID as the company network, collecting login credentials when users connected to it. The cybersecurity team also found evidence that some network traffic was redirected to an unauthorized system where sensitive data was captured before being forwarded to its intended destination. Which spoofing attack best explains this scenario?