No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.
What kind of verification that you did? Checking the site name twice?
Remember that it is also possible that your DNS was hijacked, so you've download a malicious app. I'd rather verify it just to be safe.
Excuse me... So even you cannot be sure in security! For example, before installing electrum you need to install a correct OS. How can you be sure your OS is real! Maybe you downloaded your OS ( for example, ubuntu) not from real ubuntu.com, but someone hijacked your DNS...
that is why the concept of
checking the authenticity of a downloaded file was invented. which means you download anything from the internet and then check its authenticity with a key that you trust. under the hood the (asymmetric) cryptography that is used gives an easy way of verifying that with virtually zero chance of fault.
the most common case is usage of PGP signatures. which means when you download Ububtu for example you verify the ISO file signature against the public key using the cryptographic scheme that was used and if you get a "thumbs up" you can be sure it was the real OS.
so now it doesn't matter where you download the file from, you don't even have to go to ubuntu.com, you can go to anywhereelseevenafakesite.com and download the ISO and as long as you verify its signature with the real public key and get the valid signature you will be good to go.