The NFT is not the image/media - it is the transaction securing a relationship and/or movement of tokens from the artists wallet to the buyers wallet (which may or may not point to a file hash, or some other data).
The authenticity of this is easily verified by querying the transaction directly from the on-chain smart contract.
How do you verify the person in control of the "artists wallet" is actually the person who created the work (or is authorized by them to create the NFT)?
The artist needs to confirm this. For example, many artists selling on Hicetnunc[1] will put their Tezos wallet address as a link in their Twitter bio. If you spot an artwork that looks like theirs minted by a different address, it’s likely a “copymint” (typically seen as worth no value).
There are other blockchain/crypto art projects that use the chain itself to store data; such as Autoglyphs[2], which is essentially a first of its kind generative artwork on Ethereum coded entirely within the Solidity smart contract. In this case there is no question about the authenticity; you simply look at that contract address and the tokens it initiated.
The authenticity of this is easily verified by querying the transaction directly from the on-chain smart contract.