"How can pool operators identify someone who submits a false 'share complete' message to the pool without actually performing any work to calculate a solution?"
The solution is always verified. One double block hash is quick. Performing a metric ton of them to find one that fits the solution is long.