State Bureau of Investigation Menu

Report Suspicious Activity


To report suspicious activity, email SARS@UTAH.GOV


Suspicious Behaviors and Activities That Should Be Reported Include

ELICITING INFORMATIONQuestioning individuals at a level beyond mere curiosity about particular facets of a facility’s or building’s purpose, operations, security procedures, etc., that would arouse suspicion in a reasonable person.
TESTING OF SECURITYInteractions with or challenges to installations, personnel, or systems that reveal physical personnel or cybersecurity capabilities.
RECRUITINGBuilding operations teams and contacts, personnel data, banking data, or travel data.
PHOTOGRAPHYTaking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person. Examples include taking pictures or video of infrequently used access points, personnel performing security functions (patrols, badge/vehicle checking), security-related equipment (perimeter fencing, security cameras), etc. All reporting on photography should be done within the totality of the circumstances.
OBSERVATION / SURVEILLANCEDemonstrating unusual interest in facilities, buildings, or infrastructure beyond mere casual or professional (e.g., engineers) interest such that a reasonable person would consider the activity suspicious. Examples include observation through binoculars, taking notes, attempting to measure distances, etc.
MATERIALS ACQUISITION / STORAGEAcquisition of unusual quantities of precursor materials, such as cell phones, pagers, fuel, and timers, such that a reasonable person would suspect possible criminal activity.
AQUISITION OF EXPERTISEAttempts to obtain or conduct training in security concepts (military weapons or tactics) or other unusual capabilities that would arouse suspicion in a reasonable person.
WEAPONS DISCOVERYDiscovery of unusual amounts of weapons or explosives that would arouse suspicion in a reasonable person.
SECTOR SPECIFIC INCIDENTActions associated with a characteristic of unique concern to specific sectors (such as the public health sector) with regard to their personnel, facilities, systems, or functions.
BREACH / ATTEMPTED INTRUSIONUnauthorized personnel attempting to enter or actually entering a restricted area or protected site. Impersonation of authorized personnel (e.g., police/security, janitor).
MISREPRESENTATIONPresenting false or misusing insignia, documents, and/or identification to misrepresent one’s affiliation to cover possible illicit activity.
THEFT / LOSS / DIVERSIONStealing or diverting something associated with a facility/infrastructure (e.g., badges, uniforms, identification, emergency vehicles, technology, or documents [classified or unclassified] that are proprietary to the facility).
SABOTAGE / TAMPERING / VANDALISMDamaging, manipulating, or defacing part of a facility/infrastructure or protected site.
CYBERATTACKCompromising or attempting to compromise or disrupt an organization’s information technology infrastructure.
EXPRESSED OR IMPLIED THREATCommunicating a spoken or written threat to damage or compromise a facility/infrastructure.
AVIATION ACTIVITYOperation of an aircraft in a manner that reasonably may be interpreted as suspicious or posing a threat to people or property. May or may not be in violation of Federal Aviation Regulations.