Before I got to the school they had employed an instructor who they noticed was very reluctant to fly with students who had not gone first solo, making excuses about the weather etc. After two weeks of this they found out that not only did their new instructor not have an instructors rating, he did not have a pilots licence either, he was however a licensed engineer.
This is a problem that is actually much much broader. My work is in ICT, partly in security, and "authentication" and "authorization" are incredibly hard concepts, first to understand and second to implement.
In the case above, what according to the theory should have happened is that the student checks the credentials of the instructor before flight. Immediate problem comes to mind: how does a student recognise and validate a pilots certificate, an FI ticket, a correct logbook entry (recency!), class rating etc. without having dealt with all that stuff before, and without knowing what even the requirements are for an FI. If you go to a flight school you place your trust in that schools management to make sure you have an adequate plane, adequate instructor and even adequate weather for the flight you're going to undertake.
But this problem is not limited to flight schools. My favourite pet subject is a police officer, stopping you for a spot check or something. They show you their ID, they may wear a uniform, but I know I can fake an ID with some Photoshop (GIMP in my case) work and a laminating machine. Police uniforms are not that hard to acquire too. And since I do not know the hidden safety features of a proper police ID, I can't authenticate him. So what I want to do, someday, is the following: Take his ID, get back in my car, close windows and doors and then call the telephone number for the police. Tell them I'm being stopped by somebody who claims to be a police officer, but I don't trust his claim and can't authenticate his ID. Then read aloud whatever is on the ID and ask the police officer to authenticate that person. See how they react.
With some luck, the police officer on the phone (which I trust because I dialed the number from memory, knowing that that would connect me to the police) verifies the authenticity of the ID. That doesn't automatically authenticate the police officer though: somebody could have taken a copy of a genuine ID, inserted a fake picture and used that. So I should probably also ask him for another ID (a passport or drivers license perhaps) which I do know the security features of, and use that to verify the picture, name and person indeed matches.
Then comes authorization. Authorization basically means: is this person authorized to do what he attempts to do. So I should probably question him why he stopped me, and on what article of law he thinks he has the right to do so. I should then call my lawyer to verify that claim.
By now I have probably wasted at least half an hour of my time and surely pissed off the police officer. So if it's just a spot check, I might just show him my drivers license and get on with life. The same happened to your student: Somebody came up to him claiming he was a flight instructor, and the student without going through the hassle of verifying that claim, just hopped in and went flying.
I couldn't find it, but there's a joke about a student running late for a gliding lesson. He arrives at the field, sees the aircraft all ready for him with the instructor waiting. Instructor says "Good Morning, do you want to do the take-off or shall I" (or something similar). Student says he'll do the take-off. Works like a treat, he flies the circuit and lands. After opening the canopy, the "instructor" says "That was great. Can I fly some the next time?" "Why?" "Well, I'm here to learn how to fly, not to watch you flying!"
(It's a far better joke in its original form, but I honestly can't find it.)