Full blockchain nodes actually check not only the block headers, but also every transaction in the block body before accepting that block. If any transaction in the block doesn't "add up" (i.e., its inputs do not match the current accepted balance of those addresses, signatures, etc.), then the block will not be accepted as valid.
This is where "light" bitcoin clients (the ones that do not download the full blockchain) have to trust a full-mode node to tell them the "truth" about previous transactions. If the full-mode node is malicious, it can certainly trick the light client peers that are connected to it.
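The gap between the two checks, as an added example that is not part of the original text and is not Bitcoin's real validation code: a toy ledger where a header-only check passes a block that full validation rejects. Assumptions: the `digest`, `make_block`, `light_accepts` and `full_accepts` names are hypothetical, balances stand in for the real input checks, a plain body hash stands in for the Merkle root, and signatures and proof-of-work are omitted.

```python
import hashlib, json

def digest(obj):
    """SHA-256 over canonical JSON (stand-in for Bitcoin's real serialization)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def make_block(prev_hash, txs):
    """Header commits to the previous header and to the body (stand-in for the Merkle root)."""
    header = {"prev": prev_hash, "body": digest(txs)}
    return {"header": header, "hash": digest(header), "txs": txs}

def light_accepts(prev_hash, block):
    """Header-only check: the light client never replays the transactions."""
    h = block["header"]
    return h["prev"] == prev_hash and digest(h) == block["hash"]

def full_accepts(prev_hash, block, balances):
    """Header check plus every transaction replayed against the accepted state.
    Returns (ok, new_balances); balances are unchanged when the block is rejected."""
    if not light_accepts(prev_hash, block):
        return False, balances
    if digest(block["txs"]) != block["header"]["body"]:
        return False, balances  # body does not match what the header commits to
    state = dict(balances)
    for tx in block["txs"]:
        if tx["amount"] <= 0 or state.get(tx["from"], 0) < tx["amount"]:
            return False, balances  # one bad transaction rejects the whole block
        state[tx["from"]] -= tx["amount"]
        state[tx["to"]] = state.get(tx["to"], 0) + tx["amount"]
    return True, state

# Constructed sample data: alice holds 5 coins, mallory holds none.
GENESIS = "00" * 32
BALANCES = {"alice": 5}
good = make_block(GENESIS, [{"from": "alice", "to": "bob", "amount": 3}])
bad = make_block(GENESIS, [{"from": "mallory", "to": "bob", "amount": 50}])

if __name__ == "__main__":
    for name, blk in (("good", good), ("bad", bad)):
        print(name, "light:", light_accepts(GENESIS, blk),
              "full:", full_accepts(GENESIS, blk, BALANCES)[0])
```

Both blocks have well-formed, correctly linked headers, so only the node that replays the body against its own state can tell them apart.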