I heard one case here before where OP lost his funds in Electrum due to such an old version of Electrum he failed to update the app with time and when he returned after a long period of time he then tried to update the Electrum from that fake link and fall prey to a scam which lost him a lot of money.
Which is exactly my point. Scammers can make fake software, fake apps, fake websites, fake download pages, but they
cannot make fake GPG signatures. Once you know how to do it, it takes less than 20 seconds to verify a download against a public key in your keystore. Do this simple thing with every new version you download and you will never fall victim to such scams.
And of course if he spend some time on official page of download
Being on the official website, although smart, is insufficient to guarantee your safety. Scammers could either have hacked the official website, or hacked the download server that it points to. Once again, if you
verify the signature of what you download, then you will be protected from such scams.