Engage - Phishing Simulation with Attachments - Feb 2026

Updated

Service Updates

Availability February 11th, 2026
Product(s) Engage (Cloud Gateway)
Who's affected All Existing and Net-new Engage Customers

Overview

We’re introducing a new phishing simulation capability in Mimecast Engage that allows administrators to include safe, dummy attachments in simulated phishing emails. This enhancement is designed to better mirror real-world attack patterns, helping you train users not only to identify suspicious links but also to treat unexpected attachments with caution.

With this release, attachment interactions will be tracked alongside your existing phishing reporting, giving you deeper insight into user behavior and risk.

What’s New

  • Engage admins can now configure phishing templates that include dummy attachments as part of their security awareness campaigns.
  • A new user status, Attachment opened, is added to existing phishing reporting so you can see which users opened the simulation attachment.
  • When customizing a phishing template, admins can choose from the following file types:
  1. PowerPoint (.pptx)
  2. Word (.docx)
  3. Excel (.xlsx)
  4. HTML (.html)

Admins can set a custom file name for the attachment to closely mimic realistic business documents.

Safe, controlled content

  1. All attachments are dummy files and do not contain malware or active content.
  2. For security reasons, you cannot upload your own attachment files.
  3. All attachments display the same message when opened:
    This attachment is part of a company phishing simulation. No further action is needed.

End‑user experience

  1. If a user opens the attachment, they see a message explaining that it was part of a phishing simulation.
  2. Users can still report these messages using your usual Report Phishing process, and these reports are captured in your simulation metrics.

Where to configure attachments

For full details on how to set up Phishing Simulations with Attachments, see Engage - Managing Phishing Templates

Recommended Actions

  • Plan phishing campaigns with relevant attachment scenarios (e.g., “urgent invoice” and “HR update”).
  • Add attachments to templates in the Engage Template Library using the new features.
  • Update security awareness materials to highlight risks of unsolicited attachments.
  • Remind users to use the Report Phishing process for suspicious emails, including simulations.
  • Use the Attachment opened status in Engage reports to find users or groups likely to open unexpected attachments.
  • Include attachment results in your phishing campaign analytics and KPIs.

Deployment Schedule

Region Date
ZA, UK, AU, DE Feb 11, 2026
US, USB, CA Feb 12, 2026

See Also...

  1. Engage - Phishing Training Dashboard

  2. Engage - Creating Templates From URL Protection Clicks

  3. Engage - Managing Phishing Templates

  4. Engage - Test Email for Phishing Campaigns

Related to

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.