Internet security firm Symantec has warned LinkedIn users to be careful of phishing emails claiming to be sourced from LinkedIn’s support team.

Symantec said that it has observed an increase in phishing emails claiming to be from the US-based firm’s support team over the last week. The phishing email claims that the user’s account has irregular activity, and recommends a ‘security update’ for the account. The user is then asked to download an attached form in HTML format and follow the instructions mentioned.

“Due to irregular activities your LinkedIn account has been subjected to compulsory security update. LinkedIn may sometimes deny logins in cases where we believe the account could have been compromised. To do this we developed a new secure way that keeps your account safe. We have attached a form to this mail to complete this process. Please, download the form and follow the instructions on your screen,” the alleged email reads.

The security firm claims that the attachment is a copy of the real LinkedIn.com website.

“However, the website’s source has been modified, so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker,” Symantec warned.

The email in question uses a lowercase ‘i’ to spell LinkedIn, instead of capital ‘I’ as used by the firm.

“The difference in characters is indiscernible to the eye and functions as a way to evade mail filters. Also, the HTML attachment method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished,” the advisory said.

To be on a safer side, Symantec has advised LinkedIn users to turn on two-step verification as this would prevent an attacker to gain access to the account even in case a user’s credentials are compromised.