Report Suspicious Activity
To report suspicious activity, email SARS@UTAH.GOV
Suspicious Behaviors and Activities That Should Be Reported Include | |
|---|---|
| ELICITING INFORMATION | Questioning individuals at a level beyond mere curiosity about particular facets of a facility’s or building’s purpose, operations, security procedures, etc., that would arouse suspicion in a reasonable person. |
| TESTING OF SECURITY | Interactions with or challenges to installations, personnel, or systems that reveal physical personnel or cybersecurity capabilities. |
| RECRUITING | Building operations teams and contacts, personnel data, banking data, or travel data. |
| PHOTOGRAPHY | Taking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person. Examples include taking pictures or video of infrequently used access points, personnel performing security functions (patrols, badge/vehicle checking), security-related equipment (perimeter fencing, security cameras), etc. All reporting on photography should be done within the totality of the circumstances. |
| OBSERVATION / SURVEILLANCE | Demonstrating unusual interest in facilities, buildings, or infrastructure beyond mere casual or professional (e.g., engineers) interest such that a reasonable person would consider the activity suspicious. Examples include observation through binoculars, taking notes, attempting to measure distances, etc. |
| MATERIALS ACQUISITION / STORAGE | Acquisition of unusual quantities of precursor materials, such as cell phones, pagers, fuel, and timers, such that a reasonable person would suspect possible criminal activity. |
| AQUISITION OF EXPERTISE | Attempts to obtain or conduct training in security concepts (military weapons or tactics) or other unusual capabilities that would arouse suspicion in a reasonable person. |
| WEAPONS DISCOVERY | Discovery of unusual amounts of weapons or explosives that would arouse suspicion in a reasonable person. |
| SECTOR SPECIFIC INCIDENT | Actions associated with a characteristic of unique concern to specific sectors (such as the public health sector) with regard to their personnel, facilities, systems, or functions. |
| BREACH / ATTEMPTED INTRUSION | Unauthorized personnel attempting to enter or actually entering a restricted area or protected site. Impersonation of authorized personnel (e.g., police/security, janitor). |
| MISREPRESENTATION | Presenting false or misusing insignia, documents, and/or identification to misrepresent one’s affiliation to cover possible illicit activity. |
| THEFT / LOSS / DIVERSION | Stealing or diverting something associated with a facility/infrastructure (e.g., badges, uniforms, identification, emergency vehicles, technology, or documents [classified or unclassified] that are proprietary to the facility). |
| SABOTAGE / TAMPERING / VANDALISM | Damaging, manipulating, or defacing part of a facility/infrastructure or protected site. |
| CYBERATTACK | Compromising or attempting to compromise or disrupt an organization’s information technology infrastructure. |
| EXPRESSED OR IMPLIED THREAT | Communicating a spoken or written threat to damage or compromise a facility/infrastructure. |
| AVIATION ACTIVITY | Operation of an aircraft in a manner that reasonably may be interpreted as suspicious or posing a threat to people or property. May or may not be in violation of Federal Aviation Regulations. |