Electrum users may be vulnerable to a phishing attack. Attackers send electrum wallets, when vulnerable, pop-up messages stating that new software needs to be downloaded for an update.

The message contains a link to the so-called update, which in reality refers to rogue software that steals bitcoins. It is important that the upgrade request is not accepted until the developers find a permanent fix for this issue.

A detailed explanation of the attack can be found on GitHub.

Vulnerability to similar attacks involving rogue servers in the network can be prevented by hosting a personal Electrum server yourself.