Is receiving fake torrent data possible?

Yes, a client will notice and block.

A torrent is divided into pieces, a piece is divided into chunks.
Every piece has its SHA1 hash included in the .torrents metadata.

If a peer send fake or corrupted chunks this will be detected when the whole piece has been received and the hash check fails.
A peer that repeatedly sends bad data will be blocked, but there is some leeway because corruption may naturally occur sometimes in a data transfer.
A good client has heuristics to find out exactly what peer(s) sent bad data by comparing the chunks sent in the piece that failed the hash check, with the chunks in the same piece when it has been re-downloaded and passed the hash check.


Adding onto Encombe's answer as to the likely-hood of a fake, "forgery" happening: It's overwhelming unlikely that such a situation could or would occur, though it is possible.

SHA-1 is an older method for file hashing and isn't recommended for new use, but it's arguably fine as it is now.

Scenario 1: A mistake occurs: If another user sends you a bad piece or chunk (perhaps a one-in-a-million error occurs and the data is corrupted in transit), the hashes will not match and the chunk will be rejected. It's almost impossibly unlikely that a chunk would just happen to have the same hash after being corrupted.

Scenario 2: A malicious user attempts to send you a fake file: Assuming that our attacker(s) knows what they're doing, it would still be very unlikely. Imagine the difficulty of even computing a fake file that has the same SHA1 hash - and the hashes of your fake file's chunks would need to match the hashes of the original file's chunks. I'd argue the amount of time it'd take to author such a file would render it almost impossible, even if you used a weaker hashing method such as MD5 out of the sheer difficulty of making so many conflicting and overlapping hashes.

You're much more likely to be at risk of someone putting up a "trap" torrent online that's designed to contain a virus or malicious content, but that would have been created by attackers and seeded by them as well (plus anyone who fell for the trap).

Having SHA-256 or greater hashes would be great, but the odds of such an attack ever succeeding are astronomically low.