That's correct. Tom was in a hurry and downloaded the first result that Google displayed. The first displayed result in Chrome is often a Google ad, and often these types of ads have been used to direct users to fake phishing sites and malware infected wallets. If Tom has acted smarter and done some research, he would have realized that electrum.org . uk is a phishing site. The only official site of Electrum is https://electrum.org/#home and there is even a warning at the top of the page that informs users not to download the wallet from any other sites.

The software he downloaded from the fake site was malware-infected. It was designed to empty the wallets of its users and send the transactions back to the hackers. Tom also didn't follow the recommendations on Electrum.org to verify the signatures of the wallet he downloaded. Had he done that, he would have realized that he was using a fake app.