I recently had a call from who I thought was my broadband company. As the call went on, I realised that it was someone who was trying to hack my bank details. They asked for a card reader, as they wanted to refund me an amount of money, which was not true, but to cut the story short, they convinced me that I needed to load some software onto my computer. Now I am worried that my child is not safe on her computer. Could you please send me some advice on what I should do?
To begin with, a thing to do could be to ensure that the operating system is secure. Consider whether you would need to reinstall the thing from scratch. That goes for both your computer and that of your child.
Next I strongly suggest that you look at the articles Educating Kids on Cyber Safety and Securing Your Home Network to get some basic information on what would be the best course of action for you. The other newsletters on this site are also very relevant, so consider reading a few of them.
But the basics and advice on how to behave can be found at: US-CERT.
Prior to reinstalling, make a backup of your data using a different operating system than your current one, so that any infection that has (most likely) occurred will not be carried over when you copy the data files you do not want to lose.
If you loaded their software onto the computer, then it is very likely that your PC is already hacked. I would suggest not using it for banking, etc., or even for everyday use.
The best thing I could suggest is to re-install whatever operating system you are running, as some viruses can inject themselves into the system kernel, which makes it very hard to delete the virus, or even find it.
NOTE: it is possible that the virus would inject itself into programs on the hard drive, or even your personal files. I would definitely suggest not leaving any programs from the previous install.
If you need files from your computer, then I suggest copying the files using a Live CD (e.g. Ubuntu), as the attacker may make it harder to copy files or (if you are e.g. using Windows XP) they could use AutoPlay to infect a fresh install of Windows when you insert your USB or CD.
About the virus
I guess that such a virus would be a RAT (Remote Administration Tool), which allows someone to do pretty much everything on your computer remotely without you even noticing it. A RAT can include an FTP server to download your files or upload new ones, a key-logger to steal whatever you type on the keyboard, screen capture software so the attacker can see what you see on screen, and microphone and webcam capture, which allows the attacker to see you through the webcam and listen through the microphone, and those are just some of the features such software may contain.
The only protection against social engineering is the user's vigilance.
Be aware of social engineering tactics, and be skeptical when someone calls you unexpectedly, claiming to be from your electric/gas/broadband/local pet shop.
If you suspect a call from your service provider might not be legitimate, what you should do is refuse to disclose any sensitive data to the caller. Tell them that you will call their call center back. You should look up the business's phone number from a source that you can trust, e.g. from the official website or from the bills that you receive, and call them on that number instead. Don't trust the call center number that the caller gives you; if they do so, always verify the number from a trusted source.
Also, you should have some vigilance about installing software that you don't trust on your computer. Don't follow their instructions if you don't fully understand what they are telling you to do.
For your child, you can prevent a lot of potential damage by not giving her administrative privileges on the computer. But the user's vigilance should still be the primary method of preventing malware and social engineering. If she is a younger child (say less than 10 years old), then teach her to consult you when she needs to install something or when something is amiss. If she is an older child, then teach her how to identify scams and social engineering tactics.