Most of us using the internet every day have no idea exactly how everything works, which is why it can straight up seem like magic sometimes. Probably all you do is type in the addresses — also called domain names — of your favorite sites and then click around there for a while, right? But what if those sites aren’t really the sites you think they are? What if they’re actually clones — exact replicas, with no way for you to tell the difference — set up by thieves with the goal of stealing your information?

It sounds like sci-fi but, unfortunately, it’s all too real. To explain how this is possible — and what you can do to prevent it — we have to back way up and explain what a DNS server is.

Domain Name System

DNS stands for “domain name system.” Domain names are the addresses you type in when you want to access a website. So, for example, if you want to go to Facebook you type in facebook.com or www.facebook.com or https://www.facebook.com. Those are all domain names for Facebook. Pretty clear, right?

But it’s not so clear to a computer because computers don’t “speak” English — or Spanish or Mandarin or Swahili. Instead, they “talk” in numbers. Instead of domain names, the internet and other networks use internet protocol (or “IP”) addresses that are written out in numbers. It’s in translating the human name for a site to the computer name for the site that DNS servers come into the picture.

A lot of people describe DNS servers as the “phone book” of the internet but I like to imagine it as an old fashioned switchboard or phone operator. Here’s how it works: When you type an address (like facebook.com) into your browser, your computer or phone or tablet or whatever reaches out to the DNS server to find out what number (IP address) is associated with that domain name. It then connects to that IP address and brings you to facebook.com.

Your computer will the save (“cache”) the IP address so that next time, it doesn’t have to reach out to the DNS server and can just access Google directly. However, after a while — or if you clear your cache for some reason — your computer is going to clear that IP address, which means it has to reach out again.

The problem arises when a thieves invade your computer with malware and point it to a fake DNS server that has IP addresses that look and act like the site you’re trying to access but actually aren’t that site at all. Accessing your online banking, for example, from one of these servers is like walking into your bank in your town, giving the clerk all of your information, and then realizing that it’s actually a hologram of your bank and all of your money has just been stolen by ingenious thieves from the future.

So what can you do to protect yourself? Obviously you’re not going to stop accessing online banking and the other sites that are important to you — and, unlike with that hologram bank (I have no advice for you on that one), there are solutions to this. The first thing you should be doing is running antivirus software so that thieves can’t invade your device with malware in the first place. You should also keep an eye out for “invalid certificate” messages on sites with HTTPS domain names. Any time one of those comes up, you might be being pointed to a clone and should back out of there ASAP.

The other option is choosing to use third-party DNS servers. Your internet service provider (ISP) has a default DNS server, but that doesn’t mean you have to use it. Tenta, for example, offers access to a variety of DNS, including our own TentaDNS, and a range of other popular third party DNS servers. When you connect via a good third party DNS server, you’ll usually have more security and protection than if you connect via your default ISP server. That’s because many third party DNS servers have advanced security measures that aren’t implemented yet on the default ones.

We spend so much of our time online — and do so much of our personal business online — these days that it only makes sense to protect yourself. Now that you know what DNS servers are and how they can help you, you’ve taken one step further toward avoiding the clones.