So in resume as long the user dont download the software in the notification the transactions can be done safely?
I believe so yes. If you get a pop-up, i think the best thing you can do is force-close electrum, and connect to another server.
The only way to lose your funds AFAIK, is to download the fake electrum, and then run it.
It might be possible that it can
only steal your credentials (seed, private key) after you entered them in the "Fake" Electrum wallet, but i wouldn't be so sure of that, especially if your original electrum wallet file wasn't encrypted.