In Zimbra, by default, when an email with signatures or images in the body of the message is received, the system sometimes DOES NOT display the images by default because some browsers block this content.
To avoid this issue, you can add the spoofing account used in the simulation as a safe sender. You can do this directly upon receiving the message by selecting the option Always show images sent from the «domain» or the «email account». The system will save the trusted email address or domain in Zimbra preferences, so that ALL images in messages received for emails from that account or domain will be displayed automatically. If you want to view the spoofing account that will be used in the scenario, you should go to the Content Gallery > Phishing or Ransomware and then press the "Preview" button. Under User-visible data > email address, the spoofing account that will be used in the simulation is shown.